1a8e248346fe1d8ceb1d3454d3aad5a23b4633d6bc25e96fe785920a1e01ad3d

Analysis

max time kernel
31s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 18:50

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll
Size

24KB
MD5

a3b7ec9ba9c3d282643ecc626d7a9ca4
SHA1

aac7e84490cf9cd6bee6157a109af9e1dc58d66e
SHA256

1a8e248346fe1d8ceb1d3454d3aad5a23b4633d6bc25e96fe785920a1e01ad3d
SHA512

b7c52179a2c5bcf80272428d66143ae5be6e66d866c4070412b4f0c376d771a310d6abe8e79f47da33987a24b08c23e57b2aea2e702d6cf9922bc04a86b55edc
SSDEEP

768:R3HaEWPv/528clNsNaC9z4MjbrM8HfTxzP:wB/UdYNXGGrM8H7t

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2684	2424	rundll32.exe	84
PID 2424 wrote to memory of 2684	2424	rundll32.exe	84
PID 2424 wrote to memory of 2684	2424	rundll32.exe	84
PID 2684 wrote to memory of 4996	2684	rundll32.exe	85
PID 2684 wrote to memory of 4996	2684	rundll32.exe	85
PID 2684 wrote to memory of 4996	2684	rundll32.exe	85
PID 4996 wrote to memory of 1572	4996	rundll32.exe	86
PID 4996 wrote to memory of 1572	4996	rundll32.exe	86
PID 4996 wrote to memory of 1572	4996	rundll32.exe	86
PID 1572 wrote to memory of 4960	1572	rundll32.exe	87
PID 1572 wrote to memory of 4960	1572	rundll32.exe	87
PID 1572 wrote to memory of 4960	1572	rundll32.exe	87
PID 4960 wrote to memory of 2960	4960	rundll32.exe	88
PID 4960 wrote to memory of 2960	4960	rundll32.exe	88
PID 4960 wrote to memory of 2960	4960	rundll32.exe	88
PID 2960 wrote to memory of 1432	2960	rundll32.exe	89
PID 2960 wrote to memory of 1432	2960	rundll32.exe	89
PID 2960 wrote to memory of 1432	2960	rundll32.exe	89
PID 1432 wrote to memory of 4436	1432	rundll32.exe	90
PID 1432 wrote to memory of 4436	1432	rundll32.exe	90
PID 1432 wrote to memory of 4436	1432	rundll32.exe	90
PID 4436 wrote to memory of 3004	4436	rundll32.exe	91
PID 4436 wrote to memory of 3004	4436	rundll32.exe	91
PID 4436 wrote to memory of 3004	4436	rundll32.exe	91
PID 3004 wrote to memory of 4668	3004	rundll32.exe	92
PID 3004 wrote to memory of 4668	3004	rundll32.exe	92
PID 3004 wrote to memory of 4668	3004	rundll32.exe	92
PID 4668 wrote to memory of 2396	4668	rundll32.exe	93
PID 4668 wrote to memory of 2396	4668	rundll32.exe	93
PID 4668 wrote to memory of 2396	4668	rundll32.exe	93
PID 2396 wrote to memory of 772	2396	rundll32.exe	94
PID 2396 wrote to memory of 772	2396	rundll32.exe	94
PID 2396 wrote to memory of 772	2396	rundll32.exe	94
PID 772 wrote to memory of 4076	772	rundll32.exe	95
PID 772 wrote to memory of 4076	772	rundll32.exe	95
PID 772 wrote to memory of 4076	772	rundll32.exe	95
PID 4076 wrote to memory of 2452	4076	rundll32.exe	96
PID 4076 wrote to memory of 2452	4076	rundll32.exe	96
PID 4076 wrote to memory of 2452	4076	rundll32.exe	96
PID 2452 wrote to memory of 2016	2452	rundll32.exe	97
PID 2452 wrote to memory of 2016	2452	rundll32.exe	97
PID 2452 wrote to memory of 2016	2452	rundll32.exe	97
PID 2016 wrote to memory of 4328	2016	rundll32.exe	98
PID 2016 wrote to memory of 4328	2016	rundll32.exe	98
PID 2016 wrote to memory of 4328	2016	rundll32.exe	98
PID 4328 wrote to memory of 3296	4328	rundll32.exe	99
PID 4328 wrote to memory of 3296	4328	rundll32.exe	99
PID 4328 wrote to memory of 3296	4328	rundll32.exe	99
PID 3296 wrote to memory of 1296	3296	rundll32.exe	100
PID 3296 wrote to memory of 1296	3296	rundll32.exe	100
PID 3296 wrote to memory of 1296	3296	rundll32.exe	100
PID 1296 wrote to memory of 4816	1296	rundll32.exe	101
PID 1296 wrote to memory of 4816	1296	rundll32.exe	101
PID 1296 wrote to memory of 4816	1296	rundll32.exe	101
PID 4816 wrote to memory of 3084	4816	rundll32.exe	102
PID 4816 wrote to memory of 3084	4816	rundll32.exe	102
PID 4816 wrote to memory of 3084	4816	rundll32.exe	102
PID 3084 wrote to memory of 4820	3084	rundll32.exe	103
PID 3084 wrote to memory of 4820	3084	rundll32.exe	103
PID 3084 wrote to memory of 4820	3084	rundll32.exe	103
PID 4820 wrote to memory of 452	4820	rundll32.exe	104
PID 4820 wrote to memory of 452	4820	rundll32.exe	104
PID 4820 wrote to memory of 452	4820	rundll32.exe	104
PID 452 wrote to memory of 840	452	rundll32.exe	106

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4996
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1572
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4960
      - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:1432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        9⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:4668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:2396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:4076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:2452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:2016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:4328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:3296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:1296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        19⤵
        Suspicious use of WriteProcessMemory
        
        PID:4816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:3084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:4820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        23⤵
        
        PID:840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        24⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        25⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        26⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        27⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        28⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        29⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        30⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        31⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        32⤵
        
        PID:1472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        33⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        34⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        35⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        36⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        37⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        38⤵
        
        PID:532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        39⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        40⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        41⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        42⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        43⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        44⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        45⤵
        
        PID:264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        46⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        47⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        48⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        49⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        50⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        51⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        52⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        53⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        54⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        55⤵
        
        PID:336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        56⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        57⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        58⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:4828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        60⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        61⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        62⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        63⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        64⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        65⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        66⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        67⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        68⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        70⤵
        
        PID:216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        71⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        72⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        73⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        74⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        75⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        76⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        77⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        78⤵
        
        PID:676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        79⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        80⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        81⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        82⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        83⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        84⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        85⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        86⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:5136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        88⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        89⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        90⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        91⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        92⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        93⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        94⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        95⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        96⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        97⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        98⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        99⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        100⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        101⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        102⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        103⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        104⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        105⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        106⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        107⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        108⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        109⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        110⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        111⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        112⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        113⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        114⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        115⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        116⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        117⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        118⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        119⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        120⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        121⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        122⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        123⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        124⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        125⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        126⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        127⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        128⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        129⤵
        System Location Discovery: System Language Discovery
        
        PID:5808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        130⤵
        System Location Discovery: System Language Discovery
        
        PID:5820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        131⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        132⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        133⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        134⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        135⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        136⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:5932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        138⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        139⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        140⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        141⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        143⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        144⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        145⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        146⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        148⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        149⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        150⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        151⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        152⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        153⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        154⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        155⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        156⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        157⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        158⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        159⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        160⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        161⤵
        System Location Discovery: System Language Discovery
        
        PID:4216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        162⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        163⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        164⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        165⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        166⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        167⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        168⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        169⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        170⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        171⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        172⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        173⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        174⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        175⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        176⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        177⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        178⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        179⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        180⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        181⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        182⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        183⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        184⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        185⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        186⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        187⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        188⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        189⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        190⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        191⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        192⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        193⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        194⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        195⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        196⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        197⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        198⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        199⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        200⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        201⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        202⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        203⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        204⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        205⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        206⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        207⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        208⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        209⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        210⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        211⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        212⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        213⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        214⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        215⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        216⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        217⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        218⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        219⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        220⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        221⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        222⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        223⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        224⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        225⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        226⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        227⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        228⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        229⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        230⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        231⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        232⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        233⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        234⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        235⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        236⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        237⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        238⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        239⤵
        System Location Discovery: System Language Discovery
        
        PID:7452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        240⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        241⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        242⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        243⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        244⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        245⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        246⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        247⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        248⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        249⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        250⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        251⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        252⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        253⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        254⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        255⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        256⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        257⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        258⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        259⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        260⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        261⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        262⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        263⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        264⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        265⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        266⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        267⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        268⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        269⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        270⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        271⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        272⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        273⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        274⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        275⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        276⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        277⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        278⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        279⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        280⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        281⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        282⤵
        System Location Discovery: System Language Discovery
        
        PID:8172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        283⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        284⤵
        
        PID:440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        285⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        286⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        287⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        288⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        289⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        290⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        291⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        292⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        293⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        294⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        295⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        296⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        297⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        298⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        299⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        300⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        301⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        302⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        303⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        304⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        305⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        306⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        307⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        308⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        309⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        310⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        311⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        312⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        313⤵
        System Location Discovery: System Language Discovery
        
        PID:8632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        314⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        315⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        316⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        317⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        318⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        319⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        320⤵
        System Location Discovery: System Language Discovery
        
        PID:8744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        321⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        322⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        323⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        324⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        325⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        326⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        327⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        328⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        329⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        330⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        331⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        332⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        333⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        334⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        335⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        336⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        337⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        338⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        339⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        340⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        341⤵
        System Location Discovery: System Language Discovery
        
        PID:9092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        342⤵
        System Location Discovery: System Language Discovery
        
        PID:9108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        343⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        344⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        345⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        346⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        347⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        348⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        349⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        350⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        351⤵
        
        PID:880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        352⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        353⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        354⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        355⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        356⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        357⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        358⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        359⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        360⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        361⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        362⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        363⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        364⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        365⤵
        System Location Discovery: System Language Discovery
        
        PID:9328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        366⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        367⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        368⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        369⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        370⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        371⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        372⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        373⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        374⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        375⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        376⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        377⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        378⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        379⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        380⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        381⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        382⤵
        System Location Discovery: System Language Discovery
        
        PID:9588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        383⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        384⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        385⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        386⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        387⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        388⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        389⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        390⤵
        System Location Discovery: System Language Discovery
        
        PID:9712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        391⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        392⤵
        System Location Discovery: System Language Discovery
        
        PID:9736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        393⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        394⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        395⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        396⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        397⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        398⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        399⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        400⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        401⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        402⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        403⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        404⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        405⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        406⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        407⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        408⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        409⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        410⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        411⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        412⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        413⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        414⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        415⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        416⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        417⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        418⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        419⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        420⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        421⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        422⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        423⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        424⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        425⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        426⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        427⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        428⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        429⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        430⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        431⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        432⤵
        System Location Discovery: System Language Discovery
        
        PID:10312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        433⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        434⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        435⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        436⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        437⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        438⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        439⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        440⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        441⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        442⤵
        System Location Discovery: System Language Discovery
        
        PID:10464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        443⤵
        System Location Discovery: System Language Discovery
        
        PID:10480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        444⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        445⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        446⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        447⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        448⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        449⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        450⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        451⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        452⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        453⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        454⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        455⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        456⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        457⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        458⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        459⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        460⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        461⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        462⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        463⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        464⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        465⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        466⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        467⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        468⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        469⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        470⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        471⤵
        System Location Discovery: System Language Discovery
        
        PID:11040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        472⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        473⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        474⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        475⤵
        System Location Discovery: System Language Discovery
        
        PID:11104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        476⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        477⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        478⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        479⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        480⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        481⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        482⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        483⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        484⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        485⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        486⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        487⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        488⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        489⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        490⤵
        System Location Discovery: System Language Discovery
        
        PID:11332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        491⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        492⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        493⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        494⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        495⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        496⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        497⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        498⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        499⤵
        System Location Discovery: System Language Discovery
        
        PID:11468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        500⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        501⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        502⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        503⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        504⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        505⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        506⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        507⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        508⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        509⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        510⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        511⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        512⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        513⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        514⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        515⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        516⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        517⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        518⤵
        System Location Discovery: System Language Discovery
        
        PID:11752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        519⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        520⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        521⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        522⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        523⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        524⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        525⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        526⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        527⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        528⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        529⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        530⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        531⤵
        System Location Discovery: System Language Discovery
        
        PID:11956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        532⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        533⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        534⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        535⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        536⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        537⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        538⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        539⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        540⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        541⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        542⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        543⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        544⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        545⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        546⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        547⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        548⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        549⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        550⤵
        System Location Discovery: System Language Discovery
        
        PID:12248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        551⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        552⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        553⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        554⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        555⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        556⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        557⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        558⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        559⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        560⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        561⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        562⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        563⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        564⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        565⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        566⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        567⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        568⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        569⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        570⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        571⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        572⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        573⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        574⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        575⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        576⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        577⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        578⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        579⤵
        System Location Discovery: System Language Discovery
        
        PID:12696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        580⤵
        System Location Discovery: System Language Discovery
        
        PID:12708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        581⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        582⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        583⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        584⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        585⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        586⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        587⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        588⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        589⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        590⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        591⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        592⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        593⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        594⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        595⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        596⤵
        System Location Discovery: System Language Discovery
        
        PID:12960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        597⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        598⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        599⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        600⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        601⤵
        System Location Discovery: System Language Discovery
        
        PID:13032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        602⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        603⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        604⤵
        System Location Discovery: System Language Discovery
        
        PID:13076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        605⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        606⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        607⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        608⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        609⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        610⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        611⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        612⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        613⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        614⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        615⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        616⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        617⤵
        System Location Discovery: System Language Discovery
        
        PID:13272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        618⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        619⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        620⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        621⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        622⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        623⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        624⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        625⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        626⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        627⤵
        
        PID:13356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        628⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        629⤵
        System Location Discovery: System Language Discovery
        
        PID:13380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        630⤵
        
        PID:13396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        631⤵
        
        PID:13408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        632⤵
        
        PID:13420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        633⤵
        
        PID:13440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        634⤵
        
        PID:13452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        635⤵
        
        PID:13468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        636⤵
        System Location Discovery: System Language Discovery
        
        PID:13484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        637⤵
        
        PID:13500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        638⤵
        
        PID:13516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        639⤵
        
        PID:13532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        640⤵
        
        PID:13548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        641⤵
        
        PID:13564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        642⤵
        
        PID:13580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        643⤵
        
        PID:13596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        644⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        645⤵
        System Location Discovery: System Language Discovery
        
        PID:13632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        646⤵
        
        PID:13648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        647⤵
        
        PID:13664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        648⤵
        
        PID:13680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        649⤵
        System Location Discovery: System Language Discovery
        
        PID:13696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        650⤵
        
        PID:13712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        651⤵
        
        PID:13724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        652⤵
        
        PID:13744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        653⤵
        
        PID:13760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        654⤵
        
        PID:13776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        655⤵
        
        PID:13792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        656⤵
        
        PID:13808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        657⤵
        
        PID:13820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        658⤵
        
        PID:13836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        659⤵
        System Location Discovery: System Language Discovery
        
        PID:13852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        660⤵
        
        PID:13868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        661⤵
        System Location Discovery: System Language Discovery
        
        PID:13884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        662⤵
        
        PID:13896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        663⤵
        
        PID:13908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        664⤵
        
        PID:13920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        665⤵
        
        PID:13936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        666⤵
        
        PID:13952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        667⤵
        
        PID:13968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        668⤵
        
        PID:13984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        669⤵
        System Location Discovery: System Language Discovery
        
        PID:14000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        670⤵
        
        PID:14016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        671⤵
        
        PID:14032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        672⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        673⤵
        
        PID:14060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        674⤵
        
        PID:14076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        675⤵
        
        PID:14092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        676⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        677⤵
        
        PID:14124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        678⤵
        
        PID:14140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        679⤵
        
        PID:14156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        680⤵
        
        PID:14172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        681⤵
        
        PID:14188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        682⤵
        System Location Discovery: System Language Discovery
        
        PID:14204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        683⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        684⤵
        
        PID:14232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        685⤵
        
        PID:14252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        686⤵
        
        PID:14264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        687⤵
        
        PID:14280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        688⤵
        
        PID:14296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        689⤵
        System Location Discovery: System Language Discovery
        
        PID:14308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        690⤵
        
        PID:14324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        691⤵
        
        PID:13608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        692⤵
        
        PID:14348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        693⤵
        
        PID:14360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        694⤵
        System Location Discovery: System Language Discovery
        
        PID:14376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        695⤵
        
        PID:14392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        696⤵
        
        PID:14408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        697⤵
        
        PID:14424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        698⤵
        
        PID:14440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        699⤵
        
        PID:14456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        700⤵
        
        PID:14476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        701⤵
        
        PID:14492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        702⤵
        System Location Discovery: System Language Discovery
        
        PID:14508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        703⤵
        
        PID:14524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        704⤵
        
        PID:14540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        705⤵
        
        PID:14556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        706⤵
        
        PID:14568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        707⤵
        
        PID:14588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        708⤵
        
        PID:14604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        709⤵
        
        PID:14616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        710⤵
        
        PID:14628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        711⤵
        
        PID:14644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        712⤵
        System Location Discovery: System Language Discovery
        
        PID:14660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        713⤵
        
        PID:14676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        714⤵
        
        PID:14692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        715⤵
        
        PID:14704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        716⤵
        
        PID:14716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        717⤵
        
        PID:14732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        718⤵
        
        PID:14752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        719⤵
        
        PID:14768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        720⤵
        
        PID:14784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        721⤵
        
        PID:14800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        722⤵
        
        PID:14816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        723⤵
        
        PID:14832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        724⤵
        
        PID:14848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        725⤵
        
        PID:14864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        726⤵
        
        PID:14880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        727⤵
        
        PID:14892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        728⤵
        
        PID:14908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        729⤵
        
        PID:14924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        730⤵
        
        PID:14936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        731⤵
        
        PID:14956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        732⤵
        
        PID:14972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        733⤵
        
        PID:14988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        734⤵
        
        PID:15000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        735⤵
        
        PID:15016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        736⤵
        
        PID:15028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        737⤵
        
        PID:15048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        738⤵
        
        PID:15064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        739⤵
        
        PID:15080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        740⤵
        
        PID:15096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        741⤵
        System Location Discovery: System Language Discovery
        
        PID:15112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        742⤵
        
        PID:15124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        743⤵
        
        PID:15136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        744⤵
        
        PID:15152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        745⤵
        
        PID:15168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        746⤵
        
        PID:15184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        747⤵
        System Location Discovery: System Language Discovery
        
        PID:15196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        748⤵
        
        PID:15212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        749⤵
        
        PID:15224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        750⤵
        
        PID:15240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        751⤵
        
        PID:15256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        752⤵
        
        PID:15272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        753⤵
        
        PID:15288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        754⤵
        
        PID:15308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        755⤵
        
        PID:15324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        756⤵
        
        PID:15336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        757⤵
        System Location Discovery: System Language Discovery
        
        PID:15348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        758⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        759⤵
        
        PID:15368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        760⤵
        
        PID:15380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        761⤵
        System Location Discovery: System Language Discovery
        
        PID:15392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        762⤵
        
        PID:15412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        763⤵
        
        PID:15428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        764⤵
        
        PID:15440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        765⤵
        
        PID:15456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        766⤵
        
        PID:15468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        767⤵
        
        PID:15484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        768⤵
        System Location Discovery: System Language Discovery
        
        PID:15496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        769⤵
        
        PID:15512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        770⤵
        
        PID:15532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        771⤵
        
        PID:15548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        772⤵
        
        PID:15560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        773⤵
        
        PID:15572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        774⤵
        
        PID:15588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        775⤵
        
        PID:15604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        776⤵
        
        PID:15620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        777⤵
        
        PID:15636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        778⤵
        
        PID:15648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        779⤵
        System Location Discovery: System Language Discovery
        
        PID:15664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        780⤵
        
        PID:15680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        781⤵
        
        PID:15696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        782⤵
        
        PID:15712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        783⤵
        
        PID:15724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        784⤵
        
        PID:15740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        785⤵
        
        PID:15756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        786⤵
        
        PID:15768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        787⤵
        
        PID:15784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        788⤵
        
        PID:15800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        789⤵
        
        PID:15812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        790⤵
        
        PID:15828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        791⤵
        
        PID:15840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        792⤵
        
        PID:15856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        793⤵
        
        PID:15872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        794⤵
        System Location Discovery: System Language Discovery
        
        PID:15888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        795⤵
        
        PID:15900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        796⤵
        
        PID:15916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        797⤵
        
        PID:15932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        798⤵
        
        PID:15944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        799⤵
        
        PID:15960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        800⤵
        
        PID:15976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        801⤵
        System Location Discovery: System Language Discovery
        
        PID:15992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        802⤵
        
        PID:16004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        803⤵
        
        PID:16020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        804⤵
        System Location Discovery: System Language Discovery
        
        PID:16036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        805⤵
        
        PID:16052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        806⤵
        
        PID:16068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        807⤵
        
        PID:16084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        808⤵
        
        PID:16100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        809⤵
        
        PID:16112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        810⤵
        
        PID:16128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        811⤵
        
        PID:16144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        812⤵
        
        PID:16160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        813⤵
        
        PID:16176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        814⤵
        
        PID:16192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        815⤵
        
        PID:16204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        816⤵
        
        PID:16220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        817⤵
        
        PID:16240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        818⤵
        System Location Discovery: System Language Discovery
        
        PID:16264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        819⤵
        
        PID:16276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        820⤵
        
        PID:16292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        821⤵
        
        PID:16308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        822⤵
        
        PID:16324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        823⤵
        
        PID:16340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        824⤵
        System Location Discovery: System Language Discovery
        
        PID:16356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        825⤵
        
        PID:16376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        826⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        827⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        828⤵
        
        PID:16228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        829⤵
        
        PID:16400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        830⤵
        
        PID:16412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        831⤵
        
        PID:16424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        832⤵
        
        PID:16440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        833⤵
        
        PID:16456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        834⤵
        
        PID:16476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        835⤵
        
        PID:16492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        836⤵
        
        PID:16512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        837⤵
        
        PID:16536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        838⤵
        
        PID:16548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        839⤵
        
        PID:16560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        840⤵
        System Location Discovery: System Language Discovery
        
        PID:16580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        841⤵
        
        PID:16592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        842⤵
        
        PID:16608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        843⤵
        
        PID:16624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        844⤵
        
        PID:16640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        845⤵
        
        PID:16656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        846⤵
        
        PID:16668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        847⤵
        
        PID:16688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        848⤵
        
        PID:16700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        849⤵
        
        PID:16720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        850⤵
        
        PID:16732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        851⤵
        
        PID:16744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        852⤵
        
        PID:16764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        853⤵
        
        PID:16776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        854⤵
        
        PID:16788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        855⤵
        
        PID:16804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        856⤵
        
        PID:16820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        857⤵
        
        PID:16832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        858⤵
        
        PID:16844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        859⤵
        
        PID:16860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        860⤵
        
        PID:16876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        861⤵
        
        PID:16888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        862⤵
        
        PID:16900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        863⤵
        
        PID:16912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        864⤵
        
        PID:16928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        865⤵
        
        PID:16948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        866⤵
        
        PID:16964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        867⤵
        
        PID:16976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        868⤵
        
        PID:16992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        869⤵
        
        PID:17004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        870⤵
        
        PID:17024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        871⤵
        
        PID:17040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        872⤵
        
        PID:17056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        873⤵
        
        PID:17072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        874⤵
        
        PID:17088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        875⤵
        
        PID:17104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        876⤵
        
        PID:17120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        877⤵
        
        PID:17132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b7ec9ba9c3d282643ecc626d7a9ca4_JaffaCakes118.dll,#1
        878⤵
        
        PID:17152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/772-11-0x0000000075840000-0x0000000075AC4000-memory.dmp

Filesize
2.5MB

Download
memory/1572-1-0x0000000075840000-0x0000000075AC4000-memory.dmp

Filesize
2.5MB

Download
memory/2016-14-0x0000000075840000-0x0000000075AC4000-memory.dmp

Filesize
2.5MB

Download
memory/2452-13-0x0000000075840000-0x0000000075AC4000-memory.dmp

Filesize
2.5MB

Download
memory/4996-0-0x0000000075840000-0x0000000075AC4000-memory.dmp

Filesize
2.5MB

Download
memory/17104-10-0x0000000075840000-0x0000000075AC4000-memory.dmp

Filesize
2.5MB

Download