ccde2db79d1ce8b17cfeb01e5697be89f35a1569cecac71722409f2c5447a91c

Analysis

max time kernel
94s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 06:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll
Size

42KB
MD5

c02d6902b2c2c6a0b4b4e0ed3ce065ec
SHA1

64a8e2cc3daee935d0c8344bf7a2009673937710
SHA256

ccde2db79d1ce8b17cfeb01e5697be89f35a1569cecac71722409f2c5447a91c
SHA512

12b693e53766465fc87752e02921f5c4e4699360566e0c22c81897d2956945751a18cec41c46fc0786f2bcaabaf54005886cb7bae9aa22583580cf755c1cb202
SSDEEP

768:ml9jIVjhK3ul3rOTVaRQvTDI8v08KX2hN2CE:8sjJ3rOZaRQvPI88nJZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 4852	1240	rundll32.exe	84
PID 1240 wrote to memory of 4852	1240	rundll32.exe	84
PID 1240 wrote to memory of 4852	1240	rundll32.exe	84
PID 4852 wrote to memory of 2308	4852	rundll32.exe	85
PID 4852 wrote to memory of 2308	4852	rundll32.exe	85
PID 4852 wrote to memory of 2308	4852	rundll32.exe	85
PID 2308 wrote to memory of 2840	2308	rundll32.exe	86
PID 2308 wrote to memory of 2840	2308	rundll32.exe	86
PID 2308 wrote to memory of 2840	2308	rundll32.exe	86
PID 2840 wrote to memory of 3868	2840	rundll32.exe	87
PID 2840 wrote to memory of 3868	2840	rundll32.exe	87
PID 2840 wrote to memory of 3868	2840	rundll32.exe	87
PID 3868 wrote to memory of 1236	3868	rundll32.exe	88
PID 3868 wrote to memory of 1236	3868	rundll32.exe	88
PID 3868 wrote to memory of 1236	3868	rundll32.exe	88
PID 1236 wrote to memory of 2668	1236	rundll32.exe	89
PID 1236 wrote to memory of 2668	1236	rundll32.exe	89
PID 1236 wrote to memory of 2668	1236	rundll32.exe	89
PID 2668 wrote to memory of 4752	2668	rundll32.exe	90
PID 2668 wrote to memory of 4752	2668	rundll32.exe	90
PID 2668 wrote to memory of 4752	2668	rundll32.exe	90
PID 4752 wrote to memory of 5052	4752	rundll32.exe	91
PID 4752 wrote to memory of 5052	4752	rundll32.exe	91
PID 4752 wrote to memory of 5052	4752	rundll32.exe	91
PID 5052 wrote to memory of 5044	5052	rundll32.exe	92
PID 5052 wrote to memory of 5044	5052	rundll32.exe	92
PID 5052 wrote to memory of 5044	5052	rundll32.exe	92
PID 5044 wrote to memory of 4600	5044	rundll32.exe	93
PID 5044 wrote to memory of 4600	5044	rundll32.exe	93
PID 5044 wrote to memory of 4600	5044	rundll32.exe	93
PID 4600 wrote to memory of 3788	4600	rundll32.exe	94
PID 4600 wrote to memory of 3788	4600	rundll32.exe	94
PID 4600 wrote to memory of 3788	4600	rundll32.exe	94
PID 3788 wrote to memory of 2272	3788	rundll32.exe	95
PID 3788 wrote to memory of 2272	3788	rundll32.exe	95
PID 3788 wrote to memory of 2272	3788	rundll32.exe	95
PID 2272 wrote to memory of 1224	2272	rundll32.exe	96
PID 2272 wrote to memory of 1224	2272	rundll32.exe	96
PID 2272 wrote to memory of 1224	2272	rundll32.exe	96
PID 1224 wrote to memory of 3024	1224	rundll32.exe	97
PID 1224 wrote to memory of 3024	1224	rundll32.exe	97
PID 1224 wrote to memory of 3024	1224	rundll32.exe	97
PID 3024 wrote to memory of 1484	3024	rundll32.exe	98
PID 3024 wrote to memory of 1484	3024	rundll32.exe	98
PID 3024 wrote to memory of 1484	3024	rundll32.exe	98
PID 1484 wrote to memory of 708	1484	rundll32.exe	99
PID 1484 wrote to memory of 708	1484	rundll32.exe	99
PID 1484 wrote to memory of 708	1484	rundll32.exe	99
PID 708 wrote to memory of 2192	708	rundll32.exe	100
PID 708 wrote to memory of 2192	708	rundll32.exe	100
PID 708 wrote to memory of 2192	708	rundll32.exe	100
PID 2192 wrote to memory of 4992	2192	rundll32.exe	101
PID 2192 wrote to memory of 4992	2192	rundll32.exe	101
PID 2192 wrote to memory of 4992	2192	rundll32.exe	101
PID 4992 wrote to memory of 4372	4992	rundll32.exe	102
PID 4992 wrote to memory of 4372	4992	rundll32.exe	102
PID 4992 wrote to memory of 4372	4992	rundll32.exe	102
PID 4372 wrote to memory of 2528	4372	rundll32.exe	103
PID 4372 wrote to memory of 2528	4372	rundll32.exe	103
PID 4372 wrote to memory of 2528	4372	rundll32.exe	103
PID 2528 wrote to memory of 232	2528	rundll32.exe	104
PID 2528 wrote to memory of 232	2528	rundll32.exe	104
PID 2528 wrote to memory of 232	2528	rundll32.exe	104
PID 232 wrote to memory of 4728	232	rundll32.exe	106

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4852
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2308
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2840
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3868
      - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:2668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:5052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:5044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:4600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:3788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:2272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:1224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:3024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:1484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:2192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        19⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:4372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:2528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        23⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        24⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        25⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        26⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        27⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        28⤵
        
        PID:464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        29⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        30⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        31⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        32⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        33⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        34⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        35⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        37⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        38⤵
        
        PID:312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        39⤵
        System Location Discovery: System Language Discovery
        
        PID:4888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        40⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        41⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        42⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        43⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        44⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        45⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        46⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        47⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        48⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        49⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        50⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        51⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        52⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        53⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        54⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        55⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        56⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        57⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        59⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        60⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        61⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        62⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        63⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        64⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        65⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        66⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        67⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        69⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        70⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        71⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        72⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        73⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        74⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        75⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        76⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        77⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        78⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        79⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        80⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        81⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        82⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        83⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:4708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        85⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        86⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        87⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        88⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        89⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        90⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        91⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        92⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        93⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        94⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        95⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        96⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        97⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        98⤵
        
        PID:996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        99⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:5156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        102⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        103⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        104⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        105⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        106⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        107⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        108⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        109⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        110⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        111⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        112⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        113⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        114⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        115⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        116⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        117⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        118⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        119⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        120⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        121⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        122⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        123⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        124⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        125⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:5616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        127⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        128⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        129⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        130⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        131⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        132⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        133⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        134⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        135⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        136⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        137⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        138⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        139⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        140⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:5896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        142⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        143⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        144⤵
        System Location Discovery: System Language Discovery
        
        PID:5984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        145⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        146⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        147⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        148⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        149⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        150⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        151⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        152⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        153⤵
        System Location Discovery: System Language Discovery
        
        PID:6172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        154⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        155⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        156⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        157⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        158⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        159⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        160⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        161⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        162⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        163⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        164⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        165⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        166⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        167⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        168⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        169⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        170⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        171⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        172⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        173⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        174⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        175⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        176⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        177⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        178⤵
        System Location Discovery: System Language Discovery
        
        PID:6588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        179⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        180⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        181⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        182⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        183⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        184⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        185⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        186⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        187⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        188⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        189⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        190⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        191⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        192⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        193⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        194⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        195⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        196⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        197⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        198⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        199⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        200⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        201⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        202⤵
        System Location Discovery: System Language Discovery
        
        PID:6964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        203⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        204⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        205⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        206⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        207⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        208⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        209⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        210⤵
        System Location Discovery: System Language Discovery
        
        PID:7080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        211⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        212⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        213⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        214⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        215⤵
        System Location Discovery: System Language Discovery
        
        PID:7156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        216⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        217⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        218⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        219⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        220⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        221⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        222⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        223⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        224⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        225⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        226⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        227⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        228⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        229⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        230⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        231⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        232⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        233⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        234⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        235⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        236⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        237⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        238⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        239⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        240⤵
        System Location Discovery: System Language Discovery
        
        PID:7576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        241⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        242⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        243⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        244⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        245⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        246⤵
        System Location Discovery: System Language Discovery
        
        PID:7700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        247⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        248⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        249⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        250⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        251⤵
        System Location Discovery: System Language Discovery
        
        PID:7776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        252⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        253⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        254⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        255⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        256⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        257⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        258⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        259⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        260⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        261⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        262⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        263⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        264⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        265⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        266⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        267⤵
        System Location Discovery: System Language Discovery
        
        PID:8020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        268⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        269⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        270⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        271⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        272⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        273⤵
        System Location Discovery: System Language Discovery
        
        PID:8116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        274⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        275⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        276⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        277⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        278⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        279⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        280⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        281⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        282⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        283⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        284⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        285⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        286⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        287⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        288⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        289⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        290⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        291⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        292⤵
        System Location Discovery: System Language Discovery
        
        PID:8404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        293⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        294⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        295⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        296⤵
        System Location Discovery: System Language Discovery
        
        PID:8464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        297⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        298⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        299⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        300⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        301⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        302⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        303⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        304⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        305⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        306⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        307⤵
        System Location Discovery: System Language Discovery
        
        PID:8628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        308⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        309⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        310⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        311⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        312⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        313⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        314⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        315⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        316⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        317⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        318⤵
        System Location Discovery: System Language Discovery
        
        PID:8796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        319⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        320⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        321⤵
        System Location Discovery: System Language Discovery
        
        PID:8892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        322⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        323⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        324⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        325⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        326⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        327⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        328⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        329⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        330⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        331⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        332⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        333⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        334⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        335⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        336⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        337⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        338⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        339⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        340⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        341⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        342⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        343⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        344⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        345⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        346⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        347⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        348⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        349⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        350⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        351⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        352⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        353⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        354⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        355⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        356⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        357⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        358⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        359⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        360⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        361⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        362⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        363⤵
        System Location Discovery: System Language Discovery
        
        PID:9496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        364⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        365⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        366⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        367⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        368⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        369⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        370⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        371⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        372⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        373⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        374⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        375⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        376⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        377⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        378⤵
        System Location Discovery: System Language Discovery
        
        PID:9732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        379⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        380⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        381⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        382⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        383⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        384⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        385⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        386⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        387⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        388⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        389⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        390⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        391⤵
        System Location Discovery: System Language Discovery
        
        PID:9912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        392⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        393⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        394⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        395⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        396⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        397⤵
        System Location Discovery: System Language Discovery
        
        PID:10008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        398⤵
        System Location Discovery: System Language Discovery
        
        PID:10020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        399⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        400⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        401⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        402⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        403⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        404⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        405⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        406⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        407⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        408⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        409⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        410⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        411⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        412⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        413⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        414⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        415⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        416⤵
        
        PID:544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        417⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        418⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        419⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        420⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        421⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        422⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        423⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        424⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        425⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        426⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        427⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        428⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        429⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        430⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        431⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        432⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        433⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        434⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        435⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        436⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        437⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        438⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        439⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        440⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        441⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        442⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        443⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        444⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        445⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        446⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        447⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        448⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        449⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        450⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        451⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        452⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        453⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        454⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        455⤵
        System Location Discovery: System Language Discovery
        
        PID:10792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        456⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        457⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        458⤵
        System Location Discovery: System Language Discovery
        
        PID:10836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        459⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        460⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        461⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        462⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        463⤵
        System Location Discovery: System Language Discovery
        
        PID:10904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        464⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        465⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        466⤵
        System Location Discovery: System Language Discovery
        
        PID:10952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        467⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        468⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        469⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        470⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        471⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        472⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        473⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        474⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        475⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        476⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        477⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        478⤵
        System Location Discovery: System Language Discovery
        
        PID:11136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        479⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        480⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        481⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        482⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        483⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        484⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        485⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        486⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        487⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        488⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        489⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        490⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        491⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        492⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        493⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        494⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        495⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        496⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        497⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        498⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        499⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        500⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        501⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        502⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        503⤵
        System Location Discovery: System Language Discovery
        
        PID:11508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        504⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        505⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        506⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        507⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        508⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        509⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        510⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        511⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        512⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        513⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        514⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        515⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        516⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        517⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        518⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        519⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        520⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        521⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        522⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        523⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        524⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        525⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        526⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        527⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        528⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        529⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        530⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        531⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        532⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        533⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        534⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        535⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        536⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        537⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        538⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        539⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        540⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        541⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        542⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        543⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        544⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        545⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        546⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        547⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        548⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        549⤵
        System Location Discovery: System Language Discovery
        
        PID:12184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        550⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        551⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        552⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        553⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        554⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        555⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        556⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        557⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        558⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        559⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        560⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        561⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        562⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        563⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        564⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        565⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        566⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        567⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        568⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        569⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        570⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        571⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        572⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        573⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        574⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        575⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        576⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        577⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        578⤵
        System Location Discovery: System Language Discovery
        
        PID:12628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        579⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        580⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        581⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        582⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        583⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        584⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        585⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        586⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        587⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        588⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        589⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        590⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        591⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        592⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        593⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        594⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        595⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        596⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        597⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        598⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        599⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        600⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        601⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        602⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        603⤵
        System Location Discovery: System Language Discovery
        
        PID:12992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        604⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        605⤵
        
        PID:13028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        606⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        607⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        608⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        609⤵
        System Location Discovery: System Language Discovery
        
        PID:13088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        610⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        611⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        612⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        613⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        614⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        615⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        616⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        617⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        618⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        619⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        620⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        621⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        622⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        623⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        624⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        625⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        626⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        627⤵
        
        PID:13336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        628⤵
        
        PID:13352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        629⤵
        
        PID:13364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        630⤵
        
        PID:13380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        631⤵
        System Location Discovery: System Language Discovery
        
        PID:13396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        632⤵
        
        PID:13416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        633⤵
        
        PID:13428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        634⤵
        
        PID:13444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        635⤵
        
        PID:13460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        636⤵
        
        PID:13476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        637⤵
        
        PID:13492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        638⤵
        
        PID:13508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        639⤵
        
        PID:13524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        640⤵
        
        PID:13540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        641⤵
        
        PID:13552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        642⤵
        
        PID:13568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        643⤵
        
        PID:13580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        644⤵
        
        PID:13596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        645⤵
        
        PID:13608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        646⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        647⤵
        System Location Discovery: System Language Discovery
        
        PID:13636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        648⤵
        
        PID:13648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        649⤵
        
        PID:13660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        650⤵
        
        PID:13676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        651⤵
        
        PID:13692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        652⤵
        
        PID:13708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        653⤵
        
        PID:13724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        654⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        655⤵
        
        PID:13756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        656⤵
        
        PID:13772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        657⤵
        
        PID:13788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        658⤵
        
        PID:13804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        659⤵
        
        PID:13820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        660⤵
        
        PID:13832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        661⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        662⤵
        
        PID:13864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        663⤵
        
        PID:13880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        664⤵
        
        PID:13892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        665⤵
        
        PID:13908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        666⤵
        
        PID:13920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        667⤵
        
        PID:13936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        668⤵
        
        PID:13952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        669⤵
        
        PID:13968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        670⤵
        
        PID:13984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        671⤵
        
        PID:14000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        672⤵
        
        PID:14016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        673⤵
        
        PID:14032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        674⤵
        
        PID:14048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        675⤵
        
        PID:14064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        676⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        677⤵
        
        PID:14096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        678⤵
        
        PID:14112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        679⤵
        
        PID:14128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        680⤵
        
        PID:14144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        681⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        682⤵
        
        PID:14176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        683⤵
        
        PID:14192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        684⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        685⤵
        
        PID:14220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        686⤵
        System Location Discovery: System Language Discovery
        
        PID:14236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        687⤵
        
        PID:14252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        688⤵
        
        PID:14268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        689⤵
        
        PID:14284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        690⤵
        
        PID:14300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        691⤵
        
        PID:14316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        692⤵
        System Location Discovery: System Language Discovery
        
        PID:14332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        693⤵
        
        PID:14344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        694⤵
        
        PID:14360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        695⤵
        
        PID:14372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        696⤵
        
        PID:14388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        697⤵
        
        PID:14404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        698⤵
        
        PID:14420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        699⤵
        
        PID:14436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        700⤵
        
        PID:14452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        701⤵
        
        PID:14468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        702⤵
        
        PID:14480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        703⤵
        
        PID:14496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        704⤵
        
        PID:14512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        705⤵
        
        PID:14528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        706⤵
        
        PID:14544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        707⤵
        
        PID:14556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        708⤵
        System Location Discovery: System Language Discovery
        
        PID:14572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        709⤵
        System Location Discovery: System Language Discovery
        
        PID:14588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        710⤵
        
        PID:14604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        711⤵
        
        PID:14616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        712⤵
        
        PID:14628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        713⤵
        
        PID:14644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        714⤵
        
        PID:14660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        715⤵
        
        PID:14676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        716⤵
        
        PID:14692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        717⤵
        
        PID:14708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        718⤵
        
        PID:14724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        719⤵
        
        PID:14740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        720⤵
        
        PID:14752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        721⤵
        
        PID:14764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        722⤵
        
        PID:14780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        723⤵
        
        PID:14796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        724⤵
        
        PID:14812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        725⤵
        
        PID:14828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        726⤵
        System Location Discovery: System Language Discovery
        
        PID:14840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        727⤵
        
        PID:14856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        728⤵
        
        PID:14868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        729⤵
        
        PID:14884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        730⤵
        
        PID:14900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        731⤵
        
        PID:14912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        732⤵
        
        PID:14932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        733⤵
        
        PID:14948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        734⤵
        
        PID:14964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        735⤵
        
        PID:14980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        736⤵
        
        PID:14996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        737⤵
        
        PID:15008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        738⤵
        
        PID:15020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        739⤵
        
        PID:15032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        740⤵
        System Location Discovery: System Language Discovery
        
        PID:15044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        741⤵
        
        PID:15056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        742⤵
        
        PID:15072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        743⤵
        
        PID:15084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        744⤵
        
        PID:15100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        745⤵
        
        PID:15116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        746⤵
        
        PID:15132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        747⤵
        
        PID:15148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        748⤵
        
        PID:15160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        749⤵
        System Location Discovery: System Language Discovery
        
        PID:15176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        750⤵
        
        PID:15192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        751⤵
        
        PID:15208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        752⤵
        
        PID:15224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        753⤵
        
        PID:15240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        754⤵
        
        PID:15256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        755⤵
        
        PID:15272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        756⤵
        
        PID:15288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        757⤵
        
        PID:15300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        758⤵
        
        PID:15316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        759⤵
        System Location Discovery: System Language Discovery
        
        PID:15332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        760⤵
        
        PID:15344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        761⤵
        System Location Discovery: System Language Discovery
        
        PID:14380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        762⤵
        
        PID:15372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        763⤵
        
        PID:15388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        764⤵
        
        PID:15404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        765⤵
        
        PID:15420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        766⤵
        System Location Discovery: System Language Discovery
        
        PID:15432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        767⤵
        
        PID:15448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        768⤵
        
        PID:15460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        769⤵
        
        PID:15480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        770⤵
        
        PID:15496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        771⤵
        
        PID:15512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        772⤵
        
        PID:15528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        773⤵
        System Location Discovery: System Language Discovery
        
        PID:15544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        774⤵
        
        PID:15556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        775⤵
        
        PID:15568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        776⤵
        
        PID:15588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        777⤵
        
        PID:15604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        778⤵
        
        PID:15620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        779⤵
        
        PID:15636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        780⤵
        
        PID:15652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        781⤵
        
        PID:15668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        782⤵
        
        PID:15684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        783⤵
        
        PID:15700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        784⤵
        
        PID:15716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        785⤵
        
        PID:15732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        786⤵
        
        PID:15748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        787⤵
        System Location Discovery: System Language Discovery
        
        PID:15764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        788⤵
        
        PID:15780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        789⤵
        
        PID:15796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        790⤵
        
        PID:15812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        791⤵
        
        PID:15828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        792⤵
        
        PID:15844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        793⤵
        System Location Discovery: System Language Discovery
        
        PID:15860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        794⤵
        
        PID:15876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        795⤵
        
        PID:15892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        796⤵
        
        PID:15908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        797⤵
        
        PID:15924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        798⤵
        
        PID:15940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        799⤵
        
        PID:15956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        800⤵
        
        PID:15972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        801⤵
        
        PID:15984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        802⤵
        
        PID:16004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        803⤵
        
        PID:16020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        804⤵
        
        PID:16036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        805⤵
        
        PID:16048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        806⤵
        
        PID:16064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        807⤵
        
        PID:16076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        808⤵
        
        PID:16092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        809⤵
        
        PID:16108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        810⤵
        
        PID:16124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        811⤵
        
        PID:16140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        812⤵
        
        PID:16156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        813⤵
        
        PID:16172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        814⤵
        System Location Discovery: System Language Discovery
        
        PID:16188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        815⤵
        
        PID:16200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        816⤵
        
        PID:16212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        817⤵
        
        PID:16228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        818⤵
        
        PID:16244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        819⤵
        System Location Discovery: System Language Discovery
        
        PID:16260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        820⤵
        
        PID:16276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        821⤵
        
        PID:16292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        822⤵
        
        PID:16308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        823⤵
        
        PID:16324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        824⤵
        
        PID:16340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        825⤵
        
        PID:16356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        826⤵
        
        PID:16372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        827⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        828⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        829⤵
        
        PID:15992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        830⤵
        
        PID:16400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        831⤵
        
        PID:16416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        832⤵
        
        PID:16432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        833⤵
        
        PID:16444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        834⤵
        
        PID:16460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        835⤵
        
        PID:16476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        836⤵
        
        PID:16488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        837⤵
        
        PID:16508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        838⤵
        
        PID:16524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        839⤵
        
        PID:16540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        840⤵
        
        PID:16552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        841⤵
        
        PID:16564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        842⤵
        
        PID:16580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        843⤵
        
        PID:16596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        844⤵
        
        PID:16608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        845⤵
        
        PID:16624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        846⤵
        
        PID:16640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        847⤵
        
        PID:16652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        848⤵
        
        PID:16668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        849⤵
        
        PID:16684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        850⤵
        
        PID:16700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        851⤵
        
        PID:16716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        852⤵
        
        PID:16732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        853⤵
        
        PID:16748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        854⤵
        
        PID:16764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        855⤵
        
        PID:16776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        856⤵
        
        PID:16796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        857⤵
        
        PID:16812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        858⤵
        
        PID:16828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        859⤵
        
        PID:16844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        860⤵
        System Location Discovery: System Language Discovery
        
        PID:16860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        861⤵
        
        PID:16872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        862⤵
        
        PID:16888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        863⤵
        
        PID:16904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        864⤵
        
        PID:16920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        865⤵
        
        PID:16936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        866⤵
        
        PID:16948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        867⤵
        
        PID:16968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        868⤵
        
        PID:16984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        869⤵
        
        PID:16996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        870⤵
        
        PID:17016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        871⤵
        
        PID:17032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        872⤵
        
        PID:17044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        873⤵
        
        PID:17056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        874⤵
        
        PID:17072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        875⤵
        
        PID:17084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        876⤵
        
        PID:17100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        877⤵
        
        PID:17116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        878⤵
        
        PID:17132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        879⤵
        
        PID:17148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\c02d6902b2c2c6a0b4b4e0ed3ce065ec_JaffaCakes118.dll,#1
        880⤵
        
        PID:17164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/708-15-0x0000000074C00000-0x0000000074E84000-memory.dmp

Filesize
2.5MB

Download
memory/2192-16-0x0000000074C00000-0x0000000074E84000-memory.dmp

Filesize
2.5MB

Download
memory/2308-1-0x0000000074C00000-0x0000000074E84000-memory.dmp

Filesize
2.5MB

Download
memory/2840-2-0x0000000074C00000-0x0000000074E84000-memory.dmp

Filesize
2.5MB

Download
memory/3208-24-0x0000000074C00000-0x0000000074E84000-memory.dmp

Filesize
2.5MB

Download
memory/4728-21-0x0000000074C00000-0x0000000074E84000-memory.dmp

Filesize
2.5MB

Download
memory/5000-25-0x0000000074C00000-0x0000000074E84000-memory.dmp

Filesize
2.5MB

Download