c90dd7f986c701400fc6060d836936cec67482f370f841a5f9f2fb674f989bd9

Analysis

max time kernel
100s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-09-2024 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll
Size

320KB
MD5

e72bd5358d4c9c77f3701a10fa68d458
SHA1

6f15c9fae18691ff3bb6c924f70b1bdb17bc5db4
SHA256

c90dd7f986c701400fc6060d836936cec67482f370f841a5f9f2fb674f989bd9
SHA512

f4fc173e05dbed75a83ad88e42c20a2bedf60c15e853a442cb276c9256a87a9a9f60753e34bed98bb460ff3d84206cfc5085c808385285130cc2a727d805c1b8
SSDEEP

3072:4d7qRgouEcW8Hgz/lGUbeWSM1wyRPhRDg3LOk9tXP4:4uFEVYdGawWB8OYtXA

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16892	dwm.exe
Token: SeChangeNotifyPrivilege	16892	dwm.exe
Token: 33	16892	dwm.exe
Token: SeIncBasePriorityPrivilege	16892	dwm.exe
Token: SeShutdownPrivilege	16892	dwm.exe
Token: SeCreatePagefilePrivilege	16892	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 3844	4420	rundll32.exe	82
PID 4420 wrote to memory of 3844	4420	rundll32.exe	82
PID 4420 wrote to memory of 3844	4420	rundll32.exe	82
PID 3844 wrote to memory of 5000	3844	rundll32.exe	83
PID 3844 wrote to memory of 5000	3844	rundll32.exe	83
PID 3844 wrote to memory of 5000	3844	rundll32.exe	83
PID 5000 wrote to memory of 2508	5000	rundll32.exe	84
PID 5000 wrote to memory of 2508	5000	rundll32.exe	84
PID 5000 wrote to memory of 2508	5000	rundll32.exe	84
PID 2508 wrote to memory of 2008	2508	rundll32.exe	85
PID 2508 wrote to memory of 2008	2508	rundll32.exe	85
PID 2508 wrote to memory of 2008	2508	rundll32.exe	85
PID 2008 wrote to memory of 1752	2008	rundll32.exe	86
PID 2008 wrote to memory of 1752	2008	rundll32.exe	86
PID 2008 wrote to memory of 1752	2008	rundll32.exe	86
PID 1752 wrote to memory of 3064	1752	rundll32.exe	87
PID 1752 wrote to memory of 3064	1752	rundll32.exe	87
PID 1752 wrote to memory of 3064	1752	rundll32.exe	87
PID 3064 wrote to memory of 4556	3064	rundll32.exe	88
PID 3064 wrote to memory of 4556	3064	rundll32.exe	88
PID 3064 wrote to memory of 4556	3064	rundll32.exe	88
PID 4556 wrote to memory of 396	4556	rundll32.exe	89
PID 4556 wrote to memory of 396	4556	rundll32.exe	89
PID 4556 wrote to memory of 396	4556	rundll32.exe	89
PID 396 wrote to memory of 3728	396	rundll32.exe	90
PID 396 wrote to memory of 3728	396	rundll32.exe	90
PID 396 wrote to memory of 3728	396	rundll32.exe	90
PID 3728 wrote to memory of 4944	3728	rundll32.exe	91
PID 3728 wrote to memory of 4944	3728	rundll32.exe	91
PID 3728 wrote to memory of 4944	3728	rundll32.exe	91
PID 4944 wrote to memory of 2752	4944	rundll32.exe	92
PID 4944 wrote to memory of 2752	4944	rundll32.exe	92
PID 4944 wrote to memory of 2752	4944	rundll32.exe	92
PID 2752 wrote to memory of 5068	2752	rundll32.exe	93
PID 2752 wrote to memory of 5068	2752	rundll32.exe	93
PID 2752 wrote to memory of 5068	2752	rundll32.exe	93
PID 5068 wrote to memory of 764	5068	rundll32.exe	94
PID 5068 wrote to memory of 764	5068	rundll32.exe	94
PID 5068 wrote to memory of 764	5068	rundll32.exe	94
PID 764 wrote to memory of 4112	764	rundll32.exe	95
PID 764 wrote to memory of 4112	764	rundll32.exe	95
PID 764 wrote to memory of 4112	764	rundll32.exe	95
PID 4112 wrote to memory of 2520	4112	rundll32.exe	96
PID 4112 wrote to memory of 2520	4112	rundll32.exe	96
PID 4112 wrote to memory of 2520	4112	rundll32.exe	96
PID 2520 wrote to memory of 3184	2520	rundll32.exe	97
PID 2520 wrote to memory of 3184	2520	rundll32.exe	97
PID 2520 wrote to memory of 3184	2520	rundll32.exe	97
PID 3184 wrote to memory of 2980	3184	rundll32.exe	98
PID 3184 wrote to memory of 2980	3184	rundll32.exe	98
PID 3184 wrote to memory of 2980	3184	rundll32.exe	98
PID 2980 wrote to memory of 440	2980	rundll32.exe	99
PID 2980 wrote to memory of 440	2980	rundll32.exe	99
PID 2980 wrote to memory of 440	2980	rundll32.exe	99
PID 440 wrote to memory of 1460	440	rundll32.exe	100
PID 440 wrote to memory of 1460	440	rundll32.exe	100
PID 440 wrote to memory of 1460	440	rundll32.exe	100
PID 1460 wrote to memory of 2192	1460	rundll32.exe	101
PID 1460 wrote to memory of 2192	1460	rundll32.exe	101
PID 1460 wrote to memory of 2192	1460	rundll32.exe	101
PID 2192 wrote to memory of 4824	2192	rundll32.exe	102
PID 2192 wrote to memory of 4824	2192	rundll32.exe	102
PID 2192 wrote to memory of 4824	2192	rundll32.exe	102
PID 4824 wrote to memory of 2180	4824	rundll32.exe	103

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3844
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5000
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2508
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2008
      - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:3064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:3728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        11⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:2752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:5068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:4112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:2520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:3184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:2980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        19⤵
        Suspicious use of WriteProcessMemory
        
        PID:440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:1460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:2192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:4824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        23⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        24⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        25⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        26⤵
        
        PID:468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        27⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        28⤵
        
        PID:228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        29⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        30⤵
        System Location Discovery: System Language Discovery
        
        PID:2040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        31⤵
        
        PID:380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        32⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        33⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        34⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        35⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        36⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        37⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        38⤵
        
        PID:740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        39⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        40⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        41⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        42⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        43⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        44⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        45⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        46⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        47⤵
        
        PID:808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        48⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        49⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        50⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        52⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        53⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        54⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        55⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        56⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        57⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        58⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        59⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        60⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        61⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        62⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        63⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        64⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        65⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        66⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        68⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        70⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        71⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        72⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        73⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        74⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        75⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        76⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        77⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        78⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        79⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        80⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        81⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        82⤵
        
        PID:704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        83⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        84⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        85⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        86⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        87⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        88⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        89⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        90⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        91⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        92⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        93⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        94⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        95⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        96⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        97⤵
        
        PID:640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        98⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        99⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        100⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        101⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        102⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        103⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        104⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        105⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        106⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        107⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        108⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        109⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        110⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        111⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        112⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        113⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        114⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        115⤵
        System Location Discovery: System Language Discovery
        
        PID:1032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        116⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        117⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        118⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        119⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        120⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        121⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        122⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        123⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        124⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        125⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        126⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        127⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        128⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        129⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        130⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        131⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        132⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        133⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        134⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        135⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        136⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        137⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        138⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        139⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        140⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        141⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        142⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        143⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        144⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        145⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        146⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        147⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        148⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        149⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        150⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        151⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        152⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        153⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        154⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        155⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        156⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        157⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        158⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        159⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        160⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        161⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        162⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        163⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        164⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        165⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        166⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        167⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        168⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        169⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        170⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        171⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        172⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        173⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        174⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        175⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        176⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        177⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        178⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        179⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        180⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        181⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        182⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        183⤵
        System Location Discovery: System Language Discovery
        
        PID:6116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        184⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        185⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        186⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        187⤵
        System Location Discovery: System Language Discovery
        
        PID:6180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        188⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        189⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        190⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        191⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        192⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        193⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        194⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        195⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        196⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        197⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        198⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        199⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        200⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        201⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        202⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        203⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        204⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        205⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        206⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        207⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        208⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        209⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        210⤵
        System Location Discovery: System Language Discovery
        
        PID:6512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        211⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        212⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        213⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        214⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        215⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        216⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        217⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        218⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        219⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        220⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        221⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        222⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        223⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        224⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        225⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        226⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        227⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        228⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        229⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        230⤵
        System Location Discovery: System Language Discovery
        
        PID:6864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        231⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        232⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        233⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        234⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        235⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        236⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        237⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        238⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        239⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        240⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        241⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        242⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        243⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        244⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        245⤵
        System Location Discovery: System Language Discovery
        
        PID:7096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        246⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        247⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        248⤵
        System Location Discovery: System Language Discovery
        
        PID:7140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        249⤵
        System Location Discovery: System Language Discovery
        
        PID:7152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        250⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        251⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        252⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        253⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        254⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        255⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        256⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        257⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        258⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        259⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        260⤵
        System Location Discovery: System Language Discovery
        
        PID:7312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        261⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        262⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        263⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        264⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        265⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        266⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        267⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        268⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        269⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        270⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        271⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        272⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        273⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        274⤵
        System Location Discovery: System Language Discovery
        
        PID:7528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        275⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        276⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        277⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        278⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        279⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        280⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        281⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        282⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        283⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        284⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        285⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        286⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        287⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        288⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        289⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        290⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        291⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        292⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        293⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        294⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        295⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        296⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        297⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        298⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        299⤵
        System Location Discovery: System Language Discovery
        
        PID:7888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        300⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        301⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        302⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        303⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        304⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        305⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        306⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        307⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        308⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        309⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        310⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        311⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        312⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        313⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        314⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        315⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        316⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        317⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        318⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        319⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        320⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        321⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        322⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        323⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        324⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        325⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        326⤵
        System Location Discovery: System Language Discovery
        
        PID:8416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        327⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        328⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        329⤵
        System Location Discovery: System Language Discovery
        
        PID:8476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        330⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        331⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        332⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        333⤵
        System Location Discovery: System Language Discovery
        
        PID:8536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        334⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        335⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        336⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        337⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        338⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        339⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        340⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        341⤵
        System Location Discovery: System Language Discovery
        
        PID:8656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        342⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        343⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        344⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        345⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        346⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        347⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        348⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        349⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        350⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        351⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        352⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        353⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        354⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        355⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        356⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        357⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        358⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        359⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        360⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        361⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        362⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        363⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        364⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        365⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        366⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        367⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        368⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        369⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        370⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        371⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        372⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        373⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        374⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        375⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        376⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        377⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        378⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        379⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        380⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        381⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        382⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        383⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        384⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        385⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        386⤵
        System Location Discovery: System Language Discovery
        
        PID:9300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        387⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        388⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        389⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        390⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        391⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        392⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        393⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        394⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        395⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        396⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        397⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        398⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        399⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        400⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        401⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        402⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        403⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        404⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        405⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        406⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        407⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        408⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        409⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        410⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        411⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        412⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        413⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        414⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        415⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        416⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        417⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        418⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        419⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        420⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        421⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        422⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        423⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        424⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        425⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        426⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        427⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        428⤵
        System Location Discovery: System Language Discovery
        
        PID:9928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        429⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        430⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        431⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        432⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        433⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        434⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        435⤵
        System Location Discovery: System Language Discovery
        
        PID:10080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        436⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        437⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        438⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        439⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        440⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        441⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        442⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        443⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        444⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        445⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        446⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        447⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        448⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        449⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        450⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        451⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        452⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        453⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        454⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        455⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        456⤵
        System Location Discovery: System Language Discovery
        
        PID:10340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        457⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        458⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        459⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        460⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        461⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        462⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        463⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        464⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        465⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        466⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        467⤵
        System Location Discovery: System Language Discovery
        
        PID:10516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        468⤵
        System Location Discovery: System Language Discovery
        
        PID:10528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        469⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        470⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        471⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        472⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        473⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        474⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        475⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        476⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        477⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        478⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        479⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        480⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        481⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        482⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        483⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        484⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        485⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        486⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        487⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        488⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        489⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        490⤵
        System Location Discovery: System Language Discovery
        
        PID:10868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        491⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        492⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        493⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        494⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        495⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        496⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        497⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        498⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        499⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        500⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        501⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        502⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        503⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        504⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        505⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        506⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        507⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        508⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        509⤵
        System Location Discovery: System Language Discovery
        
        PID:11160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        510⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        511⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        512⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        513⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        514⤵
        System Location Discovery: System Language Discovery
        
        PID:11232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        515⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        516⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        517⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        518⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        519⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        520⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        521⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        522⤵
        System Location Discovery: System Language Discovery
        
        PID:11352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        523⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        524⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        525⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        526⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        527⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        528⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        529⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        530⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        531⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        532⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        533⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        534⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        535⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        536⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        537⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        538⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        539⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        540⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        541⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        542⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        543⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        544⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        545⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        546⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        547⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        548⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        549⤵
        System Location Discovery: System Language Discovery
        
        PID:11720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        550⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        551⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        552⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        553⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        554⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        555⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        556⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        557⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        558⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        559⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        560⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        561⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        562⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        563⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        564⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        565⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        566⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        567⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        568⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        569⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        570⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        571⤵
        System Location Discovery: System Language Discovery
        
        PID:12044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        572⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        573⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        574⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        575⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        576⤵
        System Location Discovery: System Language Discovery
        
        PID:12120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        577⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        578⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        579⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        580⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        581⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        582⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        583⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        584⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        585⤵
        System Location Discovery: System Language Discovery
        
        PID:12248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        586⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        587⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        588⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        589⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        590⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        591⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        592⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        593⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        594⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        595⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        596⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        597⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        598⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        599⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        600⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        601⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        602⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        603⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        604⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        605⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        606⤵
        System Location Discovery: System Language Discovery
        
        PID:12552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        607⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        608⤵
        System Location Discovery: System Language Discovery
        
        PID:12580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        609⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        610⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        611⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        612⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        613⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        614⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        615⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        616⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        617⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        618⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        619⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        620⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        621⤵
        System Location Discovery: System Language Discovery
        
        PID:12752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        622⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        623⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        624⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        625⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        626⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        627⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        628⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        629⤵
        System Location Discovery: System Language Discovery
        
        PID:12868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        630⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        631⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        632⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        633⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        634⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        635⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        636⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        637⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        638⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        639⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        640⤵
        System Location Discovery: System Language Discovery
        
        PID:13036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        641⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        642⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        643⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        644⤵
        
        PID:13100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        645⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        646⤵
        System Location Discovery: System Language Discovery
        
        PID:13124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        647⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        648⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        649⤵
        System Location Discovery: System Language Discovery
        
        PID:13168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        650⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        651⤵
        System Location Discovery: System Language Discovery
        
        PID:13192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        652⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        653⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        654⤵
        System Location Discovery: System Language Discovery
        
        PID:13232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        655⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        656⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        657⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        658⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        659⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        660⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        661⤵
        
        PID:13328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        662⤵
        
        PID:13344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        663⤵
        
        PID:13356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        664⤵
        
        PID:13372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        665⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        666⤵
        
        PID:13396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        667⤵
        System Location Discovery: System Language Discovery
        
        PID:13412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        668⤵
        
        PID:13424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        669⤵
        
        PID:13436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        670⤵
        
        PID:13452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        671⤵
        
        PID:13468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        672⤵
        
        PID:13480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        673⤵
        
        PID:13492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        674⤵
        
        PID:13508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        675⤵
        System Location Discovery: System Language Discovery
        
        PID:13524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        676⤵
        
        PID:13540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        677⤵
        
        PID:13556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        678⤵
        
        PID:13568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        679⤵
        
        PID:13580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        680⤵
        
        PID:13596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        681⤵
        
        PID:13612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        682⤵
        
        PID:13628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        683⤵
        
        PID:13644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        684⤵
        
        PID:13660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        685⤵
        
        PID:13672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        686⤵
        
        PID:13692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        687⤵
        
        PID:13708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        688⤵
        
        PID:13720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        689⤵
        
        PID:13736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        690⤵
        
        PID:13752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        691⤵
        
        PID:13764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        692⤵
        
        PID:13776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        693⤵
        
        PID:13788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        694⤵
        
        PID:13800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        695⤵
        
        PID:13816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        696⤵
        
        PID:13832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        697⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        698⤵
        
        PID:13864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        699⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        700⤵
        
        PID:13912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        701⤵
        
        PID:13924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        702⤵
        
        PID:13940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        703⤵
        
        PID:13952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        704⤵
        
        PID:13972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        705⤵
        
        PID:13988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        706⤵
        
        PID:14000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        707⤵
        System Location Discovery: System Language Discovery
        
        PID:14016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        708⤵
        
        PID:14032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        709⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        710⤵
        
        PID:14060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        711⤵
        System Location Discovery: System Language Discovery
        
        PID:14072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        712⤵
        
        PID:14092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        713⤵
        
        PID:14108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        714⤵
        
        PID:14120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        715⤵
        
        PID:14132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        716⤵
        System Location Discovery: System Language Discovery
        
        PID:14152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        717⤵
        
        PID:14168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        718⤵
        
        PID:14180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        719⤵
        
        PID:14192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        720⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        721⤵
        
        PID:14220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        722⤵
        
        PID:14236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        723⤵
        
        PID:14252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        724⤵
        
        PID:14268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        725⤵
        System Location Discovery: System Language Discovery
        
        PID:14284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        726⤵
        
        PID:14300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        727⤵
        
        PID:14316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        728⤵
        
        PID:14332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        729⤵
        System Location Discovery: System Language Discovery
        
        PID:4284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        730⤵
        
        PID:14340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        731⤵
        
        PID:14352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        732⤵
        System Location Discovery: System Language Discovery
        
        PID:14368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        733⤵
        
        PID:14384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        734⤵
        
        PID:14396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        735⤵
        
        PID:14408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        736⤵
        
        PID:14424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        737⤵
        
        PID:14436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        738⤵
        
        PID:14452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        739⤵
        
        PID:14464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        740⤵
        
        PID:14480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        741⤵
        
        PID:14500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        742⤵
        
        PID:14516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        743⤵
        
        PID:14532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        744⤵
        
        PID:14544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        745⤵
        
        PID:14564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        746⤵
        
        PID:14580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        747⤵
        
        PID:14596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        748⤵
        
        PID:14612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        749⤵
        
        PID:14628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        750⤵
        
        PID:14640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        751⤵
        
        PID:14652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        752⤵
        
        PID:14668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        753⤵
        
        PID:14684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        754⤵
        
        PID:14696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        755⤵
        
        PID:14712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        756⤵
        
        PID:14728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        757⤵
        
        PID:14744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        758⤵
        
        PID:14760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        759⤵
        
        PID:14776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        760⤵
        
        PID:14792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        761⤵
        
        PID:14808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        762⤵
        
        PID:14820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        763⤵
        
        PID:14832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        764⤵
        System Location Discovery: System Language Discovery
        
        PID:14848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        765⤵
        System Location Discovery: System Language Discovery
        
        PID:14864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        766⤵
        
        PID:14876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        767⤵
        
        PID:14888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        768⤵
        
        PID:14900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        769⤵
        
        PID:14912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        770⤵
        
        PID:14924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        771⤵
        
        PID:14940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        772⤵
        System Location Discovery: System Language Discovery
        
        PID:14956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        773⤵
        
        PID:14968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        774⤵
        
        PID:14984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        775⤵
        
        PID:15000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        776⤵
        
        PID:15016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        777⤵
        
        PID:15032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        778⤵
        
        PID:15044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        779⤵
        
        PID:15056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        780⤵
        
        PID:15068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        781⤵
        
        PID:15080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        782⤵
        
        PID:15092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        783⤵
        
        PID:15108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        784⤵
        System Location Discovery: System Language Discovery
        
        PID:15124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        785⤵
        
        PID:15136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        786⤵
        
        PID:15152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        787⤵
        
        PID:15168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        788⤵
        
        PID:15180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        789⤵
        
        PID:15192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        790⤵
        
        PID:15204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        791⤵
        
        PID:15216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        792⤵
        
        PID:15228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        793⤵
        
        PID:15240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        794⤵
        
        PID:15252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        795⤵
        
        PID:15268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        796⤵
        System Location Discovery: System Language Discovery
        
        PID:15284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        797⤵
        
        PID:15296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        798⤵
        
        PID:15312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        799⤵
        
        PID:15328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        800⤵
        
        PID:15344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        801⤵
        
        PID:15356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        802⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        803⤵
        
        PID:15376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        804⤵
        
        PID:15388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        805⤵
        
        PID:15404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        806⤵
        
        PID:15420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        807⤵
        
        PID:15432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        808⤵
        
        PID:15448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        809⤵
        
        PID:15464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        810⤵
        
        PID:15476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        811⤵
        
        PID:15492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        812⤵
        
        PID:15508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        813⤵
        
        PID:15524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        814⤵
        
        PID:15544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        815⤵
        
        PID:15556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        816⤵
        
        PID:15572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        817⤵
        
        PID:15588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        818⤵
        
        PID:15604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        819⤵
        System Location Discovery: System Language Discovery
        
        PID:15620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        820⤵
        
        PID:15636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        821⤵
        
        PID:15648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        822⤵
        
        PID:15664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        823⤵
        
        PID:15680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        824⤵
        
        PID:15692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        825⤵
        
        PID:15708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        826⤵
        
        PID:15724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        827⤵
        
        PID:15736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        828⤵
        
        PID:15748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        829⤵
        
        PID:15760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        830⤵
        
        PID:15772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        831⤵
        
        PID:15788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        832⤵
        
        PID:15804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        833⤵
        
        PID:15820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        834⤵
        
        PID:15832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        835⤵
        
        PID:15844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        836⤵
        System Location Discovery: System Language Discovery
        
        PID:15856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        837⤵
        
        PID:15872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        838⤵
        
        PID:15888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        839⤵
        
        PID:15904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        840⤵
        
        PID:15920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        841⤵
        
        PID:15936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        842⤵
        
        PID:15948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        843⤵
        
        PID:15964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        844⤵
        
        PID:15980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        845⤵
        
        PID:15996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        846⤵
        
        PID:16012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        847⤵
        
        PID:16024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        848⤵
        
        PID:16040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        849⤵
        
        PID:16056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        850⤵
        
        PID:16072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        851⤵
        
        PID:16088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        852⤵
        
        PID:16104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        853⤵
        
        PID:16120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        854⤵
        System Location Discovery: System Language Discovery
        
        PID:16136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        855⤵
        
        PID:16152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        856⤵
        
        PID:16168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        857⤵
        
        PID:16184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        858⤵
        
        PID:16200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        859⤵
        
        PID:16216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        860⤵
        
        PID:16236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        861⤵
        
        PID:16252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        862⤵
        System Location Discovery: System Language Discovery
        
        PID:16268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        863⤵
        
        PID:16284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        864⤵
        
        PID:16300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        865⤵
        
        PID:16316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        866⤵
        
        PID:16332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        867⤵
        
        PID:16348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        868⤵
        
        PID:16364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        869⤵
        
        PID:16380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        870⤵
        System Location Discovery: System Language Discovery
        
        PID:16392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        871⤵
        
        PID:16408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        872⤵
        
        PID:16420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        873⤵
        
        PID:16436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        874⤵
        
        PID:16448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        875⤵
        
        PID:16464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        876⤵
        
        PID:16476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        877⤵
        
        PID:16492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        878⤵
        System Location Discovery: System Language Discovery
        
        PID:16504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        879⤵
        
        PID:16524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        880⤵
        
        PID:16536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        881⤵
        
        PID:16552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        882⤵
        
        PID:16568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        883⤵
        
        PID:16580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        884⤵
        
        PID:16592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        885⤵
        
        PID:16608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        886⤵
        
        PID:16624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        887⤵
        
        PID:16640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        888⤵
        
        PID:16656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        889⤵
        
        PID:16668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        890⤵
        
        PID:16684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\e72bd5358d4c9c77f3701a10fa68d458_JaffaCakes118.dll,#1
        891⤵
        
        PID:16700

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/16624-3-0x0000000074F10000-0x0000000075194000-memory.dmp

Filesize
2.5MB

Download
memory/16640-2-0x0000000074F10000-0x0000000075194000-memory.dmp

Filesize
2.5MB

Download
memory/16656-1-0x0000000074F10000-0x0000000075194000-memory.dmp

Filesize
2.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads