0163d689a037fd192ee60e03395ffb11b2003a1e98388b80637bb3dfa433b474

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll
Size

48KB
MD5

bae1554a661bba058b7ba9a61fed42ba
SHA1

dac69a524b5fe28c8366760eb2c365077778857d
SHA256

0163d689a037fd192ee60e03395ffb11b2003a1e98388b80637bb3dfa433b474
SHA512

98bc4238ad25d37e1c5b4446c5f027aaedb0c66ed8db8869e7ccbcc1d23376f05303b7bb23984938e0bdb178df436abec78dedc7b119742e6946dc495d08f4e6
SSDEEP

384:JToHhcb6TfV9jhe6kuW/UVsFL7bScMzZ3jy4lJ4X6ulX+cA/8oKHQxLqbT9K:JTbGT99dT9VsFLa5jZJ4X6ie/8ofY9

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 4128	4452	rundll32.exe	84
PID 4452 wrote to memory of 4128	4452	rundll32.exe	84
PID 4452 wrote to memory of 4128	4452	rundll32.exe	84
PID 4128 wrote to memory of 4516	4128	rundll32.exe	85
PID 4128 wrote to memory of 4516	4128	rundll32.exe	85
PID 4128 wrote to memory of 4516	4128	rundll32.exe	85
PID 4516 wrote to memory of 4556	4516	rundll32.exe	86
PID 4516 wrote to memory of 4556	4516	rundll32.exe	86
PID 4516 wrote to memory of 4556	4516	rundll32.exe	86
PID 4556 wrote to memory of 400	4556	rundll32.exe	87
PID 4556 wrote to memory of 400	4556	rundll32.exe	87
PID 4556 wrote to memory of 400	4556	rundll32.exe	87
PID 400 wrote to memory of 4824	400	rundll32.exe	88
PID 400 wrote to memory of 4824	400	rundll32.exe	88
PID 400 wrote to memory of 4824	400	rundll32.exe	88
PID 4824 wrote to memory of 5056	4824	rundll32.exe	89
PID 4824 wrote to memory of 5056	4824	rundll32.exe	89
PID 4824 wrote to memory of 5056	4824	rundll32.exe	89
PID 5056 wrote to memory of 5112	5056	rundll32.exe	90
PID 5056 wrote to memory of 5112	5056	rundll32.exe	90
PID 5056 wrote to memory of 5112	5056	rundll32.exe	90
PID 5112 wrote to memory of 2360	5112	rundll32.exe	91
PID 5112 wrote to memory of 2360	5112	rundll32.exe	91
PID 5112 wrote to memory of 2360	5112	rundll32.exe	91
PID 2360 wrote to memory of 1240	2360	rundll32.exe	92
PID 2360 wrote to memory of 1240	2360	rundll32.exe	92
PID 2360 wrote to memory of 1240	2360	rundll32.exe	92
PID 1240 wrote to memory of 2672	1240	rundll32.exe	93
PID 1240 wrote to memory of 2672	1240	rundll32.exe	93
PID 1240 wrote to memory of 2672	1240	rundll32.exe	93
PID 2672 wrote to memory of 2128	2672	rundll32.exe	94
PID 2672 wrote to memory of 2128	2672	rundll32.exe	94
PID 2672 wrote to memory of 2128	2672	rundll32.exe	94
PID 2128 wrote to memory of 1936	2128	rundll32.exe	95
PID 2128 wrote to memory of 1936	2128	rundll32.exe	95
PID 2128 wrote to memory of 1936	2128	rundll32.exe	95
PID 1936 wrote to memory of 972	1936	rundll32.exe	96
PID 1936 wrote to memory of 972	1936	rundll32.exe	96
PID 1936 wrote to memory of 972	1936	rundll32.exe	96
PID 972 wrote to memory of 4880	972	rundll32.exe	97
PID 972 wrote to memory of 4880	972	rundll32.exe	97
PID 972 wrote to memory of 4880	972	rundll32.exe	97
PID 4880 wrote to memory of 2796	4880	rundll32.exe	98
PID 4880 wrote to memory of 2796	4880	rundll32.exe	98
PID 4880 wrote to memory of 2796	4880	rundll32.exe	98
PID 2796 wrote to memory of 1244	2796	rundll32.exe	99
PID 2796 wrote to memory of 1244	2796	rundll32.exe	99
PID 2796 wrote to memory of 1244	2796	rundll32.exe	99
PID 1244 wrote to memory of 1400	1244	rundll32.exe	100
PID 1244 wrote to memory of 1400	1244	rundll32.exe	100
PID 1244 wrote to memory of 1400	1244	rundll32.exe	100
PID 1400 wrote to memory of 2560	1400	rundll32.exe	101
PID 1400 wrote to memory of 2560	1400	rundll32.exe	101
PID 1400 wrote to memory of 2560	1400	rundll32.exe	101
PID 2560 wrote to memory of 1072	2560	rundll32.exe	103
PID 2560 wrote to memory of 1072	2560	rundll32.exe	103
PID 2560 wrote to memory of 1072	2560	rundll32.exe	103
PID 1072 wrote to memory of 100	1072	rundll32.exe	104
PID 1072 wrote to memory of 100	1072	rundll32.exe	104
PID 1072 wrote to memory of 100	1072	rundll32.exe	104
PID 100 wrote to memory of 264	100	rundll32.exe	105
PID 100 wrote to memory of 264	100	rundll32.exe	105
PID 100 wrote to memory of 264	100	rundll32.exe	105
PID 264 wrote to memory of 4668	264	rundll32.exe	106

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4128
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4516
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4556
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:400
      - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:5056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:5112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:2360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:1240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:2672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:2128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:1936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:4880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:2796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:1244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:1400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        19⤵
        Suspicious use of WriteProcessMemory
        
        PID:2560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        20⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        23⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        24⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        25⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        26⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        27⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        28⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        29⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        30⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        31⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        32⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        33⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        34⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        35⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        36⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        37⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        38⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        39⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        40⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        41⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        42⤵
        
        PID:428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        43⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        44⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        45⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        46⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        47⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        48⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        49⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        50⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        51⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        52⤵
        System Location Discovery: System Language Discovery
        
        PID:4580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        53⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        54⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        55⤵
        
        PID:828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        56⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        57⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        58⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:1076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        60⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        61⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        62⤵
        System Location Discovery: System Language Discovery
        
        PID:1108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        63⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        64⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        65⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        66⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        67⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        68⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        69⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        70⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        71⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        72⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        73⤵
        
        PID:1180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        74⤵
        
        PID:752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        75⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        76⤵
        
        PID:624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        77⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        78⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        79⤵
        
        PID:872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        80⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        81⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        82⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        83⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        84⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        85⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:1392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        87⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        88⤵
        
        PID:548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        89⤵
        
        PID:760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        90⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        91⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        92⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        93⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        94⤵
        
        PID:432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        95⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        96⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        97⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        98⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:5124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        100⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        101⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        102⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        104⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        105⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        106⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        107⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        108⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        109⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        110⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        111⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        112⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        113⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        114⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        115⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        116⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        117⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        118⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        119⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        120⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        121⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        122⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        123⤵
        System Location Discovery: System Language Discovery
        
        PID:5548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        124⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        125⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        126⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        127⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        128⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        129⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        130⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        131⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        132⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        133⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        134⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        135⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        136⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        137⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        138⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        139⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        140⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        141⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        142⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        143⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        144⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        145⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        146⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        147⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        148⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        149⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        150⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        151⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        152⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        153⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        154⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        155⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        156⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        157⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        158⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        159⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        160⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        161⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        162⤵
        System Location Discovery: System Language Discovery
        
        PID:6192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        163⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        164⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        165⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        166⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        167⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        168⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        169⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        170⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        171⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        172⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        173⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        174⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        175⤵
        System Location Discovery: System Language Discovery
        
        PID:6396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        176⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        177⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        178⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        179⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        180⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        181⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        182⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        183⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        184⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        185⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        186⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        187⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        188⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        189⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        190⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        191⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        192⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        193⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        194⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        195⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        196⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        197⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        198⤵
        System Location Discovery: System Language Discovery
        
        PID:6900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        199⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        200⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        201⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        202⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        203⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        204⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        205⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        206⤵
        System Location Discovery: System Language Discovery
        
        PID:7060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        207⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        208⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        209⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        210⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        211⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        212⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        213⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:7184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        215⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        216⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        217⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        218⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        219⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        220⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        221⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        222⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        223⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        224⤵
        System Location Discovery: System Language Discovery
        
        PID:7324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        225⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        226⤵
        System Location Discovery: System Language Discovery
        
        PID:7356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        227⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        228⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        229⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        230⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        231⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        232⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        233⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        234⤵
        System Location Discovery: System Language Discovery
        
        PID:7480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        235⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        236⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        237⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        238⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        239⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        240⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        241⤵
        System Location Discovery: System Language Discovery
        
        PID:7588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        242⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        243⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        244⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        245⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        246⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        247⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        248⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        249⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        250⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        251⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        252⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        253⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        254⤵
        System Location Discovery: System Language Discovery
        
        PID:7792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        255⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        256⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        257⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        258⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        259⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        260⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        261⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        262⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        263⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        264⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        265⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        266⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        267⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        268⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        269⤵
        System Location Discovery: System Language Discovery
        
        PID:8012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        270⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        271⤵
        System Location Discovery: System Language Discovery
        
        PID:8040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        272⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        273⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        274⤵
        System Location Discovery: System Language Discovery
        
        PID:8088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        275⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        276⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        277⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        278⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        279⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        280⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        281⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        282⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        283⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        284⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        285⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        286⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        287⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        288⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        289⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        290⤵
        System Location Discovery: System Language Discovery
        
        PID:8212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        291⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        292⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        293⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        294⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        295⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        296⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        297⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        298⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        299⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        300⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        301⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        302⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        303⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        304⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        305⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        306⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        307⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        308⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        309⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        310⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        311⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        312⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        313⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        314⤵
        System Location Discovery: System Language Discovery
        
        PID:8604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        315⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        316⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        317⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        318⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        319⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        320⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        321⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        322⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        323⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        324⤵
        System Location Discovery: System Language Discovery
        
        PID:8764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        325⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        326⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        327⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        328⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        329⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        330⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        331⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        332⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        333⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        334⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        335⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        336⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        337⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        338⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        339⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        340⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        341⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        342⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        343⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        344⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        345⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        346⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        347⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        348⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        349⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        350⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        351⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        352⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        353⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        354⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        355⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        356⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        357⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        358⤵
        System Location Discovery: System Language Discovery
        
        PID:9284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        359⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        360⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        361⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        362⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        363⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        364⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        365⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        366⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        367⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        368⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        369⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        370⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        371⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        372⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        373⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        374⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        375⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        376⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        377⤵
        System Location Discovery: System Language Discovery
        
        PID:9580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        378⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        379⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        380⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        381⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        382⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        383⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        384⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        385⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        386⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        387⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        388⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        389⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        390⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        391⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        392⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        393⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        394⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        395⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        396⤵
        System Location Discovery: System Language Discovery
        
        PID:9876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        397⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        398⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        399⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        400⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        401⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        402⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        403⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        404⤵
        System Location Discovery: System Language Discovery
        
        PID:10000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        405⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        406⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        407⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        408⤵
        System Location Discovery: System Language Discovery
        
        PID:10064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        409⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        410⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        411⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        412⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        413⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        414⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        415⤵
        System Location Discovery: System Language Discovery
        
        PID:10168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        416⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        417⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        418⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        419⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        420⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        421⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        422⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        423⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        424⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        425⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        426⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        427⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        428⤵
        System Location Discovery: System Language Discovery
        
        PID:10476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        429⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        430⤵
        System Location Discovery: System Language Discovery
        
        PID:10504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        431⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        432⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        433⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        434⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        435⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        436⤵
        System Location Discovery: System Language Discovery
        
        PID:10616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        437⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        438⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        439⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        440⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        441⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        442⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        443⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        444⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        445⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        446⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        447⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        448⤵
        System Location Discovery: System Language Discovery
        
        PID:10812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        449⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        450⤵
        System Location Discovery: System Language Discovery
        
        PID:10840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        451⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        452⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        453⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        454⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        455⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        456⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        457⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        458⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        459⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        460⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        461⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        462⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        463⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        464⤵
        System Location Discovery: System Language Discovery
        
        PID:11064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        465⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        466⤵
        System Location Discovery: System Language Discovery
        
        PID:11092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        467⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        468⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        469⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        470⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        471⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        472⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        473⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        474⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        475⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        476⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        477⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        478⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        479⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        480⤵
        System Location Discovery: System Language Discovery
        
        PID:11308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        481⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        482⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        483⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        484⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        485⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        486⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        487⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        488⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        489⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        490⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        491⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        492⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        493⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        494⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        495⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        496⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        497⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        498⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        499⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        500⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        501⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        502⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        503⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        504⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        505⤵
        System Location Discovery: System Language Discovery
        
        PID:11696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        506⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        507⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        508⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        509⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        510⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        511⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        512⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        513⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        514⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        515⤵
        System Location Discovery: System Language Discovery
        
        PID:11856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        516⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        517⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        518⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        519⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        520⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        521⤵
        System Location Discovery: System Language Discovery
        
        PID:11948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        522⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        523⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        524⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        525⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        526⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        527⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        528⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        529⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        530⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        531⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        532⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        533⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        534⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        535⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        536⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        537⤵
        System Location Discovery: System Language Discovery
        
        PID:12228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        538⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        539⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        540⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        541⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        542⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        543⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        544⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        545⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        546⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        547⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        548⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        549⤵
        System Location Discovery: System Language Discovery
        
        PID:12436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        550⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        551⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        552⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        553⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        554⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        555⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        556⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        557⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        558⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        559⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        560⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        561⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        562⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        563⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        564⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        565⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        566⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        567⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        568⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        569⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        570⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        571⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        572⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        573⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        574⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        575⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        576⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        577⤵
        System Location Discovery: System Language Discovery
        
        PID:12880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        578⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        579⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        580⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        581⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        582⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        583⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        584⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        585⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        586⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        587⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        588⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        589⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        590⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        591⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        592⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        593⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        594⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        595⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        596⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        597⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        598⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        599⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        600⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        601⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        602⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        603⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        604⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        605⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        606⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        607⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        608⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        609⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        610⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        611⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        612⤵
        
        PID:13328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        613⤵
        
        PID:13344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        614⤵
        
        PID:13360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        615⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        616⤵
        
        PID:13392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        617⤵
        
        PID:13408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        618⤵
        
        PID:13424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        619⤵
        System Location Discovery: System Language Discovery
        
        PID:13440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        620⤵
        
        PID:13456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        621⤵
        
        PID:13472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        622⤵
        
        PID:13488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        623⤵
        
        PID:13504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        624⤵
        
        PID:13520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        625⤵
        
        PID:13536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        626⤵
        
        PID:13552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        627⤵
        
        PID:13568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        628⤵
        
        PID:13584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        629⤵
        
        PID:13596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        630⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        631⤵
        
        PID:13632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        632⤵
        
        PID:13648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        633⤵
        
        PID:13664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        634⤵
        
        PID:13676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        635⤵
        
        PID:13692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        636⤵
        System Location Discovery: System Language Discovery
        
        PID:13708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        637⤵
        
        PID:13724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        638⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        639⤵
        
        PID:13756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        640⤵
        
        PID:13772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        641⤵
        
        PID:13788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        642⤵
        
        PID:13804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        643⤵
        
        PID:13820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        644⤵
        
        PID:13836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        645⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        646⤵
        System Location Discovery: System Language Discovery
        
        PID:13868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        647⤵
        
        PID:13884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        648⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        649⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        650⤵
        
        PID:13936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        651⤵
        
        PID:13952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        652⤵
        
        PID:13964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        653⤵
        
        PID:13980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        654⤵
        
        PID:13992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        655⤵
        
        PID:14004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        656⤵
        System Location Discovery: System Language Discovery
        
        PID:14020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        657⤵
        
        PID:14036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        658⤵
        
        PID:14052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        659⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        660⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        661⤵
        
        PID:14096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        662⤵
        
        PID:14112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        663⤵
        
        PID:14124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        664⤵
        
        PID:14144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        665⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        666⤵
        
        PID:14172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        667⤵
        
        PID:14192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        668⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        669⤵
        
        PID:14220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        670⤵
        
        PID:14236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        671⤵
        
        PID:14248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        672⤵
        
        PID:14264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        673⤵
        
        PID:14280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        674⤵
        
        PID:14300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        675⤵
        
        PID:14316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        676⤵
        
        PID:14332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        677⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        678⤵
        
        PID:14344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        679⤵
        
        PID:14364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        680⤵
        
        PID:14380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        681⤵
        
        PID:14396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        682⤵
        System Location Discovery: System Language Discovery
        
        PID:14412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        683⤵
        
        PID:14428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        684⤵
        System Location Discovery: System Language Discovery
        
        PID:14440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        685⤵
        
        PID:14456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        686⤵
        
        PID:14468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        687⤵
        
        PID:14480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        688⤵
        
        PID:14500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        689⤵
        
        PID:14512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        690⤵
        
        PID:14528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        691⤵
        
        PID:14540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        692⤵
        
        PID:14556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        693⤵
        
        PID:14568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        694⤵
        
        PID:14580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        695⤵
        
        PID:14596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        696⤵
        
        PID:14608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        697⤵
        
        PID:14624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        698⤵
        
        PID:14640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        699⤵
        
        PID:14656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        700⤵
        
        PID:14672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        701⤵
        
        PID:14688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        702⤵
        System Location Discovery: System Language Discovery
        
        PID:14704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        703⤵
        
        PID:14716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        704⤵
        
        PID:14732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        705⤵
        System Location Discovery: System Language Discovery
        
        PID:14744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        706⤵
        
        PID:14756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        707⤵
        
        PID:14768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        708⤵
        
        PID:14784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        709⤵
        
        PID:14800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        710⤵
        
        PID:14816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        711⤵
        
        PID:14832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        712⤵
        
        PID:14848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        713⤵
        
        PID:14864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        714⤵
        
        PID:14876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        715⤵
        
        PID:14892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        716⤵
        
        PID:14908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        717⤵
        
        PID:14924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        718⤵
        
        PID:14936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        719⤵
        
        PID:14956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        720⤵
        
        PID:14972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        721⤵
        
        PID:14988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        722⤵
        
        PID:15000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        723⤵
        
        PID:15016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        724⤵
        
        PID:15032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        725⤵
        
        PID:15048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        726⤵
        
        PID:15064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        727⤵
        
        PID:15076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        728⤵
        
        PID:15096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        729⤵
        
        PID:15112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        730⤵
        
        PID:15128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        731⤵
        
        PID:15144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        732⤵
        
        PID:15156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        733⤵
        
        PID:15172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        734⤵
        
        PID:15188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        735⤵
        
        PID:15200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        736⤵
        System Location Discovery: System Language Discovery
        
        PID:15212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        737⤵
        System Location Discovery: System Language Discovery
        
        PID:15228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        738⤵
        
        PID:15244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        739⤵
        
        PID:15260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        740⤵
        
        PID:15276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        741⤵
        System Location Discovery: System Language Discovery
        
        PID:15292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        742⤵
        
        PID:15308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        743⤵
        
        PID:15324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        744⤵
        
        PID:15340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        745⤵
        
        PID:15356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        746⤵
        
        PID:15364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        747⤵
        
        PID:15384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        748⤵
        
        PID:15400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        749⤵
        System Location Discovery: System Language Discovery
        
        PID:15416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        750⤵
        System Location Discovery: System Language Discovery
        
        PID:15432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        751⤵
        
        PID:15448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        752⤵
        
        PID:15464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        753⤵
        
        PID:15484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        754⤵
        
        PID:15500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        755⤵
        
        PID:15516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        756⤵
        
        PID:15532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        757⤵
        
        PID:15548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        758⤵
        
        PID:15560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        759⤵
        
        PID:15580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        760⤵
        
        PID:15596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        761⤵
        
        PID:15612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        762⤵
        
        PID:15624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        763⤵
        
        PID:15644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        764⤵
        
        PID:15660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        765⤵
        
        PID:15676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        766⤵
        
        PID:15692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        767⤵
        
        PID:15708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        768⤵
        
        PID:15740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        769⤵
        
        PID:15756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        770⤵
        
        PID:15772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        771⤵
        
        PID:15788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        772⤵
        
        PID:15804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        773⤵
        
        PID:15820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        774⤵
        
        PID:15836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        775⤵
        
        PID:15852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        776⤵
        
        PID:15864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        777⤵
        
        PID:15880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        778⤵
        
        PID:15896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        779⤵
        
        PID:15912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        780⤵
        
        PID:15924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        781⤵
        
        PID:15940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        782⤵
        
        PID:15956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        783⤵
        
        PID:15972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        784⤵
        
        PID:15984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        785⤵
        
        PID:16000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        786⤵
        
        PID:16016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        787⤵
        
        PID:16032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        788⤵
        
        PID:16044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        789⤵
        
        PID:16060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        790⤵
        
        PID:16076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        791⤵
        
        PID:16092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        792⤵
        
        PID:16104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        793⤵
        
        PID:16120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        794⤵
        
        PID:16136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        795⤵
        
        PID:16152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        796⤵
        
        PID:16168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        797⤵
        
        PID:16184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        798⤵
        
        PID:16200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        799⤵
        
        PID:16216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        800⤵
        
        PID:16232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        801⤵
        
        PID:16244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        802⤵
        
        PID:16268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        803⤵
        
        PID:16284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        804⤵
        
        PID:16300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        805⤵
        
        PID:16312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        806⤵
        
        PID:16328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        807⤵
        
        PID:16344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        808⤵
        
        PID:16360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        809⤵
        
        PID:16372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        810⤵
        
        PID:15472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        811⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        812⤵
        
        PID:640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        813⤵
        
        PID:16396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        814⤵
        
        PID:16412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        815⤵
        
        PID:16428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        816⤵
        
        PID:16444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        817⤵
        
        PID:16456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        818⤵
        System Location Discovery: System Language Discovery
        
        PID:16472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        819⤵
        
        PID:16488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        820⤵
        
        PID:16504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        821⤵
        System Location Discovery: System Language Discovery
        
        PID:16520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        822⤵
        
        PID:16536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        823⤵
        
        PID:16548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        824⤵
        
        PID:16560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        825⤵
        System Location Discovery: System Language Discovery
        
        PID:16572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        826⤵
        
        PID:16588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        827⤵
        
        PID:16600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        828⤵
        
        PID:16620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        829⤵
        
        PID:16636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        830⤵
        
        PID:16648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        831⤵
        
        PID:16664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        832⤵
        
        PID:16680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        833⤵
        
        PID:16696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        834⤵
        
        PID:16708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        835⤵
        
        PID:16728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        836⤵
        
        PID:16744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        837⤵
        
        PID:16756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        838⤵
        
        PID:16776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        839⤵
        System Location Discovery: System Language Discovery
        
        PID:16788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        840⤵
        
        PID:16804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        841⤵
        
        PID:16816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        842⤵
        
        PID:16828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        843⤵
        
        PID:16840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        844⤵
        
        PID:16856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        845⤵
        
        PID:16868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        846⤵
        
        PID:16888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        847⤵
        
        PID:16904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        848⤵
        
        PID:16920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        849⤵
        
        PID:16932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        850⤵
        
        PID:16948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        851⤵
        
        PID:16964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        852⤵
        
        PID:16980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        853⤵
        
        PID:16996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        854⤵
        
        PID:17012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        855⤵
        
        PID:17028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        856⤵
        
        PID:17040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        857⤵
        
        PID:17056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        858⤵
        
        PID:17072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        859⤵
        
        PID:17088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        860⤵
        
        PID:17104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        861⤵
        System Location Discovery: System Language Discovery
        
        PID:17116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        862⤵
        
        PID:17128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        863⤵
        
        PID:17144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        864⤵
        
        PID:17156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        865⤵
        
        PID:17176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        866⤵
        
        PID:17192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        867⤵
        
        PID:17208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        868⤵
        System Location Discovery: System Language Discovery
        
        PID:17224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        869⤵
        
        PID:17240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        870⤵
        
        PID:17256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        871⤵
        
        PID:17268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        872⤵
        
        PID:17284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        873⤵
        
        PID:17300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        874⤵
        
        PID:17316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        875⤵
        
        PID:17332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\bae1554a661bba058b7ba9a61fed42ba_JaffaCakes118.dll,#1
        876⤵
        
        PID:17348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/17348-0-0x00000000759C0000-0x0000000075C44000-memory.dmp

Filesize
2.5MB

Download