72f278cbc23c37414baa4623642b8cdd3fc30877dd4b03673e0048c1153e19fc

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll
Size

48KB
MD5

fb6f2f0ccb3ecacc1c2e7f915943b2ce
SHA1

bcf01f263e90d4891bd88284e1ccf175b19be229
SHA256

72f278cbc23c37414baa4623642b8cdd3fc30877dd4b03673e0048c1153e19fc
SHA512

1ebc2f4f6f63012be5625c97e93d05bc8d88bd55ae83af912abf173baf64fd928efa1025a4b2473bdff53d1428fd4ec5d69aba75143f7a077e02dd6538f0d8cf
SSDEEP

768:D596iTyXakx3Kj5DoYsVwr7rZrMxo0qkdPkv/sHUWWNP:D5Ii+qLsVwvrZrMx8k28HuP

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 1056	3748	rundll32.exe	87
PID 3748 wrote to memory of 1056	3748	rundll32.exe	87
PID 3748 wrote to memory of 1056	3748	rundll32.exe	87
PID 1056 wrote to memory of 1652	1056	rundll32.exe	88
PID 1056 wrote to memory of 1652	1056	rundll32.exe	88
PID 1056 wrote to memory of 1652	1056	rundll32.exe	88
PID 1652 wrote to memory of 4704	1652	rundll32.exe	89
PID 1652 wrote to memory of 4704	1652	rundll32.exe	89
PID 1652 wrote to memory of 4704	1652	rundll32.exe	89
PID 4704 wrote to memory of 4660	4704	rundll32.exe	90
PID 4704 wrote to memory of 4660	4704	rundll32.exe	90
PID 4704 wrote to memory of 4660	4704	rundll32.exe	90
PID 4660 wrote to memory of 624	4660	rundll32.exe	91
PID 4660 wrote to memory of 624	4660	rundll32.exe	91
PID 4660 wrote to memory of 624	4660	rundll32.exe	91
PID 624 wrote to memory of 2296	624	rundll32.exe	92
PID 624 wrote to memory of 2296	624	rundll32.exe	92
PID 624 wrote to memory of 2296	624	rundll32.exe	92
PID 2296 wrote to memory of 64	2296	rundll32.exe	93
PID 2296 wrote to memory of 64	2296	rundll32.exe	93
PID 2296 wrote to memory of 64	2296	rundll32.exe	93
PID 64 wrote to memory of 2964	64	rundll32.exe	94
PID 64 wrote to memory of 2964	64	rundll32.exe	94
PID 64 wrote to memory of 2964	64	rundll32.exe	94
PID 2964 wrote to memory of 4908	2964	rundll32.exe	95
PID 2964 wrote to memory of 4908	2964	rundll32.exe	95
PID 2964 wrote to memory of 4908	2964	rundll32.exe	95
PID 4908 wrote to memory of 4152	4908	rundll32.exe	96
PID 4908 wrote to memory of 4152	4908	rundll32.exe	96
PID 4908 wrote to memory of 4152	4908	rundll32.exe	96
PID 4152 wrote to memory of 3644	4152	rundll32.exe	97
PID 4152 wrote to memory of 3644	4152	rundll32.exe	97
PID 4152 wrote to memory of 3644	4152	rundll32.exe	97
PID 3644 wrote to memory of 2276	3644	rundll32.exe	98
PID 3644 wrote to memory of 2276	3644	rundll32.exe	98
PID 3644 wrote to memory of 2276	3644	rundll32.exe	98
PID 2276 wrote to memory of 1708	2276	rundll32.exe	99
PID 2276 wrote to memory of 1708	2276	rundll32.exe	99
PID 2276 wrote to memory of 1708	2276	rundll32.exe	99
PID 1708 wrote to memory of 3628	1708	rundll32.exe	100
PID 1708 wrote to memory of 3628	1708	rundll32.exe	100
PID 1708 wrote to memory of 3628	1708	rundll32.exe	100
PID 3628 wrote to memory of 3968	3628	rundll32.exe	101
PID 3628 wrote to memory of 3968	3628	rundll32.exe	101
PID 3628 wrote to memory of 3968	3628	rundll32.exe	101
PID 3968 wrote to memory of 2084	3968	rundll32.exe	102
PID 3968 wrote to memory of 2084	3968	rundll32.exe	102
PID 3968 wrote to memory of 2084	3968	rundll32.exe	102
PID 2084 wrote to memory of 648	2084	rundll32.exe	103
PID 2084 wrote to memory of 648	2084	rundll32.exe	103
PID 2084 wrote to memory of 648	2084	rundll32.exe	103
PID 648 wrote to memory of 1916	648	rundll32.exe	104
PID 648 wrote to memory of 1916	648	rundll32.exe	104
PID 648 wrote to memory of 1916	648	rundll32.exe	104
PID 1916 wrote to memory of 4884	1916	rundll32.exe	105
PID 1916 wrote to memory of 4884	1916	rundll32.exe	105
PID 1916 wrote to memory of 4884	1916	rundll32.exe	105
PID 4884 wrote to memory of 4460	4884	rundll32.exe	106
PID 4884 wrote to memory of 4460	4884	rundll32.exe	106
PID 4884 wrote to memory of 4460	4884	rundll32.exe	106
PID 4460 wrote to memory of 2564	4460	rundll32.exe	107
PID 4460 wrote to memory of 2564	4460	rundll32.exe	107
PID 4460 wrote to memory of 2564	4460	rundll32.exe	107
PID 2564 wrote to memory of 3184	2564	rundll32.exe	108

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1652
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4704
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4660
      - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:2296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:64
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:2964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        10⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:4152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:3644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:2276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:1708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:3628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:3968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:2084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        19⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:4884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:4460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:2564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        23⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        24⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        25⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        26⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        27⤵
        
        PID:892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        28⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        29⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        30⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        31⤵
        
        PID:644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        32⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        33⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        34⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        35⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        36⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        37⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        38⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        39⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        40⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        41⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        42⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        43⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        44⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        45⤵
        
        PID:536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        46⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        47⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        48⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        49⤵
        System Location Discovery: System Language Discovery
        
        PID:4600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        50⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        51⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        52⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        53⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        54⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        55⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        56⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        57⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        58⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        59⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        60⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        61⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        62⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        63⤵
        System Location Discovery: System Language Discovery
        
        PID:5076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        64⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        65⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        66⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        67⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        68⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        69⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        70⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        71⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        72⤵
        
        PID:820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        73⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        74⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        75⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:4952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        77⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        78⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        79⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        80⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        81⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        82⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        83⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        84⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        85⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        86⤵
        
        PID:944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        87⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        88⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        89⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        90⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        91⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        92⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        93⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        94⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        95⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        96⤵
        
        PID:436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:1112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        98⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        99⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        100⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        101⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        102⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        103⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        104⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        105⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        106⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        107⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        108⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        109⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        110⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        111⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        112⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        113⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        114⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        115⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        116⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        117⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        118⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        119⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        120⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        121⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        122⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        123⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:5496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        125⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        126⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        127⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:5552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        129⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        130⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        131⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        132⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        133⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        134⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        135⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        136⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        137⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        138⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        139⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        140⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        141⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        142⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        143⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        144⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        145⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        146⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        147⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        148⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        149⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        150⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        151⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        152⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        153⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        154⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        155⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        156⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        157⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        158⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        159⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        160⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        161⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        162⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        163⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        164⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        165⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        166⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        167⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        168⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        169⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:6196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        171⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        172⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        173⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        174⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        175⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        176⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        177⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        178⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        179⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        180⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        181⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        182⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        183⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        184⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        185⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        186⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        187⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        188⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        189⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        190⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        191⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        192⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        193⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        194⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        195⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        196⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        197⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        198⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        199⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        200⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        201⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        202⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        203⤵
        System Location Discovery: System Language Discovery
        
        PID:6740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        204⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        205⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        206⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        207⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        208⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        209⤵
        System Location Discovery: System Language Discovery
        
        PID:6888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        210⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        211⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        212⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        213⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        214⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        215⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        216⤵
        System Location Discovery: System Language Discovery
        
        PID:7100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        217⤵
        System Location Discovery: System Language Discovery
        
        PID:7116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        218⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        219⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        220⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        221⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        222⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        223⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        224⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        225⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        226⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        227⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        228⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        229⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        230⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        231⤵
        System Location Discovery: System Language Discovery
        
        PID:7332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        232⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        233⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        234⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        235⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        236⤵
        System Location Discovery: System Language Discovery
        
        PID:7404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        237⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        238⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        239⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        240⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        241⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        242⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        243⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        244⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        245⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        246⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        247⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        248⤵
        System Location Discovery: System Language Discovery
        
        PID:7588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        249⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        250⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        251⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        252⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        253⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        254⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        255⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        256⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        257⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        258⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        259⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        260⤵
        System Location Discovery: System Language Discovery
        
        PID:7768
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        261⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        262⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        263⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        264⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        265⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        266⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        267⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        268⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        269⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        270⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        271⤵
        System Location Discovery: System Language Discovery
        
        PID:7920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        272⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        273⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        274⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        275⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        276⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        277⤵
        System Location Discovery: System Language Discovery
        
        PID:8016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        278⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        279⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        280⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        281⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        282⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        283⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        284⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        285⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        286⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        287⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        288⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        289⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        290⤵
        System Location Discovery: System Language Discovery
        
        PID:8204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        291⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        292⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        293⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        294⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        295⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        296⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        297⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        298⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        299⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        300⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        301⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        302⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        303⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        304⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        305⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        306⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        307⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        308⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        309⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        310⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        311⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        312⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        313⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        314⤵
        System Location Discovery: System Language Discovery
        
        PID:8584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        315⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        316⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        317⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        318⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        319⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        320⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        321⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        322⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        323⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        324⤵
        System Location Discovery: System Language Discovery
        
        PID:8732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        325⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        326⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        327⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        328⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        329⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        330⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        331⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        332⤵
        System Location Discovery: System Language Discovery
        
        PID:8856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        333⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        334⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        335⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        336⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        337⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        338⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        339⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        340⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        341⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        342⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        343⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        344⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        345⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        346⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        347⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        348⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        349⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        350⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        351⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        352⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        353⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        354⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        355⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        356⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        357⤵
        System Location Discovery: System Language Discovery
        
        PID:8292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        358⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        359⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        360⤵
        System Location Discovery: System Language Discovery
        
        PID:9244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        361⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        362⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        363⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        364⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        365⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        366⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        367⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        368⤵
        System Location Discovery: System Language Discovery
        
        PID:9360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        369⤵
        System Location Discovery: System Language Discovery
        
        PID:9372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        370⤵
        System Location Discovery: System Language Discovery
        
        PID:9384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        371⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        372⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        373⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        374⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        375⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        376⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        377⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        378⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        379⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        380⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        381⤵
        System Location Discovery: System Language Discovery
        
        PID:9544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        382⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        383⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        384⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        385⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        386⤵
        System Location Discovery: System Language Discovery
        
        PID:9692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        387⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        388⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        389⤵
        System Location Discovery: System Language Discovery
        
        PID:9772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        390⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        391⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        392⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        393⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        394⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        395⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        396⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        397⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        398⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        399⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        400⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        401⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        402⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        403⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        404⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        405⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        406⤵
        System Location Discovery: System Language Discovery
        
        PID:10040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        407⤵
        System Location Discovery: System Language Discovery
        
        PID:10056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        408⤵
        System Location Discovery: System Language Discovery
        
        PID:10072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        409⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        410⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        411⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        412⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        413⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        414⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        415⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        416⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        417⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        418⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        419⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        420⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        421⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        422⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        423⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        424⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        425⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        426⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        427⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        428⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        429⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        430⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        431⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        432⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        433⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        434⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        435⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        436⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        437⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        438⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        439⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        440⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        441⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        442⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        443⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        444⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        445⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        446⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        447⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        448⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        449⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        450⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        451⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        452⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        453⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        454⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        455⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        456⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        457⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        458⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        459⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        460⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        461⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        462⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        463⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        464⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        465⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        466⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        467⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        468⤵
        System Location Discovery: System Language Discovery
        
        PID:10924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        469⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        470⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        471⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        472⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        473⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        474⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        475⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        476⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        477⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        478⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        479⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        480⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        481⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        482⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        483⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        484⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        485⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        486⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        487⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        488⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        489⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        490⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        491⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        492⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        493⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        494⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        495⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        496⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        497⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        498⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        499⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        500⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        501⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        502⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        503⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        504⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        505⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        506⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        507⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        508⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        509⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        510⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        511⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        512⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        513⤵
        System Location Discovery: System Language Discovery
        
        PID:11556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        514⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        515⤵
        System Location Discovery: System Language Discovery
        
        PID:11588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        516⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        517⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        518⤵
        System Location Discovery: System Language Discovery
        
        PID:11636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        519⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        520⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        521⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        522⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        523⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        524⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        525⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        526⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        527⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        528⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        529⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        530⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        531⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        532⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        533⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        534⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        535⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        536⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        537⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        538⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        539⤵
        System Location Discovery: System Language Discovery
        
        PID:11940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        540⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        541⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        542⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        543⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        544⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        545⤵
        System Location Discovery: System Language Discovery
        
        PID:12028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        546⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        547⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        548⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        549⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        550⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        551⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        552⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        553⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        554⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        555⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        556⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        557⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        558⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        559⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        560⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        561⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        562⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        563⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        564⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        565⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        566⤵
        System Location Discovery: System Language Discovery
        
        PID:12316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        567⤵
        System Location Discovery: System Language Discovery
        
        PID:12328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        568⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        569⤵
        System Location Discovery: System Language Discovery
        
        PID:12352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        570⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        571⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        572⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        573⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        574⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        575⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        576⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        577⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        578⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        579⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        580⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        581⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        582⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        583⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        584⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        585⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        586⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        587⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        588⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        589⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        590⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        591⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        592⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        593⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        594⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        595⤵
        System Location Discovery: System Language Discovery
        
        PID:12716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        596⤵
        System Location Discovery: System Language Discovery
        
        PID:12732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        597⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        598⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        599⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        600⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        601⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        602⤵
        System Location Discovery: System Language Discovery
        
        PID:12816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        603⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        604⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        605⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        606⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        607⤵
        System Location Discovery: System Language Discovery
        
        PID:12900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        608⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        609⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        610⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        611⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        612⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        613⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        614⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        615⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        616⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        617⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        618⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        619⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        620⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        621⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        622⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        623⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        624⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        625⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        626⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        627⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        628⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        629⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        630⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        631⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        632⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        633⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        634⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        635⤵
        
        PID:13316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        636⤵
        
        PID:13332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        637⤵
        
        PID:13344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        638⤵
        
        PID:13360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        639⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        640⤵
        
        PID:13392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        641⤵
        
        PID:13408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        642⤵
        System Location Discovery: System Language Discovery
        
        PID:13420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        643⤵
        
        PID:13436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        644⤵
        
        PID:13452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        645⤵
        
        PID:13468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        646⤵
        
        PID:13484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        647⤵
        
        PID:13500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        648⤵
        
        PID:13516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        649⤵
        
        PID:13528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        650⤵
        
        PID:13544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        651⤵
        
        PID:13560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        652⤵
        
        PID:13572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        653⤵
        
        PID:13584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        654⤵
        System Location Discovery: System Language Discovery
        
        PID:13596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        655⤵
        System Location Discovery: System Language Discovery
        
        PID:13608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        656⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        657⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        658⤵
        
        PID:13652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        659⤵
        
        PID:13668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        660⤵
        
        PID:13684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        661⤵
        
        PID:13700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        662⤵
        
        PID:13716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        663⤵
        
        PID:13728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        664⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        665⤵
        
        PID:13756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        666⤵
        
        PID:13772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        667⤵
        
        PID:13788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        668⤵
        
        PID:13804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        669⤵
        System Location Discovery: System Language Discovery
        
        PID:13820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        670⤵
        
        PID:13836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        671⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        672⤵
        
        PID:13860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        673⤵
        
        PID:13876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        674⤵
        
        PID:13892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        675⤵
        
        PID:13908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        676⤵
        
        PID:13920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        677⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        678⤵
        
        PID:13952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        679⤵
        
        PID:13968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        680⤵
        
        PID:13984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        681⤵
        
        PID:14000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        682⤵
        
        PID:14012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        683⤵
        
        PID:14024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        684⤵
        
        PID:14036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        685⤵
        
        PID:14052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        686⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        687⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        688⤵
        
        PID:14092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        689⤵
        
        PID:14108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        690⤵
        
        PID:14140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        691⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        692⤵
        
        PID:14172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        693⤵
        
        PID:14188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        694⤵
        System Location Discovery: System Language Discovery
        
        PID:14200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        695⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        696⤵
        
        PID:14232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        697⤵
        
        PID:14248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        698⤵
        
        PID:14260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        699⤵
        
        PID:14276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        700⤵
        
        PID:14292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        701⤵
        
        PID:14308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        702⤵
        
        PID:14324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        703⤵
        
        PID:14116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        704⤵
        
        PID:13748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        705⤵
        System Location Discovery: System Language Discovery
        
        PID:14352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        706⤵
        
        PID:14364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        707⤵
        
        PID:14380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        708⤵
        
        PID:14396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        709⤵
        
        PID:14420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        710⤵
        
        PID:14436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        711⤵
        
        PID:14448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        712⤵
        
        PID:14460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        713⤵
        System Location Discovery: System Language Discovery
        
        PID:14472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        714⤵
        
        PID:14484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        715⤵
        
        PID:14500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        716⤵
        
        PID:14516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        717⤵
        
        PID:14532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        718⤵
        
        PID:14544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        719⤵
        
        PID:14556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        720⤵
        
        PID:14572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        721⤵
        
        PID:14588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        722⤵
        
        PID:14600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        723⤵
        
        PID:14616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        724⤵
        
        PID:14632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        725⤵
        
        PID:14648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        726⤵
        
        PID:14660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        727⤵
        
        PID:14672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        728⤵
        
        PID:14688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        729⤵
        
        PID:14704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        730⤵
        System Location Discovery: System Language Discovery
        
        PID:14716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        731⤵
        
        PID:14732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        732⤵
        
        PID:14748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        733⤵
        
        PID:14764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        734⤵
        
        PID:14780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        735⤵
        
        PID:14796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        736⤵
        
        PID:14812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        737⤵
        
        PID:14824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        738⤵
        
        PID:14840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        739⤵
        
        PID:14856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        740⤵
        
        PID:14872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        741⤵
        
        PID:14888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        742⤵
        
        PID:14900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        743⤵
        
        PID:14920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        744⤵
        
        PID:14936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        745⤵
        
        PID:14948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        746⤵
        
        PID:14964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        747⤵
        
        PID:14980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        748⤵
        
        PID:14992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        749⤵
        
        PID:15016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        750⤵
        
        PID:15048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        751⤵
        
        PID:15072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        752⤵
        
        PID:15088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        753⤵
        
        PID:15100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        754⤵
        
        PID:15112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        755⤵
        
        PID:15128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        756⤵
        System Location Discovery: System Language Discovery
        
        PID:15144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        757⤵
        
        PID:15164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        758⤵
        
        PID:15184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        759⤵
        
        PID:15200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        760⤵
        
        PID:15220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        761⤵
        
        PID:15232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        762⤵
        
        PID:15244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        763⤵
        
        PID:15260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        764⤵
        
        PID:15276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        765⤵
        
        PID:15292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        766⤵
        
        PID:15308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        767⤵
        
        PID:15324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        768⤵
        
        PID:15340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        769⤵
        
        PID:15356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        770⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        771⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        772⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        773⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        774⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        775⤵
        
        PID:14832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        776⤵
        
        PID:15364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        777⤵
        
        PID:15380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        778⤵
        
        PID:15392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        779⤵
        
        PID:15404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        780⤵
        
        PID:15420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        781⤵
        
        PID:15432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        782⤵
        
        PID:15444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        783⤵
        
        PID:15460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        784⤵
        System Location Discovery: System Language Discovery
        
        PID:15472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        785⤵
        
        PID:15492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        786⤵
        
        PID:15504
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        787⤵
        
        PID:15520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        788⤵
        
        PID:15536
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        789⤵
        
        PID:15552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        790⤵
        
        PID:15568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        791⤵
        System Location Discovery: System Language Discovery
        
        PID:15580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        792⤵
        
        PID:15596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        793⤵
        
        PID:15612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        794⤵
        
        PID:15624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        795⤵
        
        PID:15640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        796⤵
        
        PID:15656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        797⤵
        
        PID:15672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        798⤵
        
        PID:15688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        799⤵
        
        PID:15704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        800⤵
        
        PID:15716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        801⤵
        
        PID:15728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        802⤵
        
        PID:15744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        803⤵
        
        PID:15756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        804⤵
        
        PID:15772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        805⤵
        
        PID:15788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        806⤵
        
        PID:15804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        807⤵
        
        PID:15816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        808⤵
        
        PID:15832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        809⤵
        
        PID:15852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        810⤵
        
        PID:15868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        811⤵
        
        PID:15880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        812⤵
        
        PID:15896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        813⤵
        
        PID:15912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        814⤵
        
        PID:15924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        815⤵
        
        PID:15936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        816⤵
        
        PID:15948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        817⤵
        
        PID:15964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        818⤵
        System Location Discovery: System Language Discovery
        
        PID:15976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        819⤵
        
        PID:15992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        820⤵
        
        PID:16008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        821⤵
        
        PID:16024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        822⤵
        
        PID:16036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        823⤵
        
        PID:16048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        824⤵
        
        PID:16060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        825⤵
        
        PID:16076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        826⤵
        
        PID:16092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        827⤵
        
        PID:16108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        828⤵
        
        PID:16124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        829⤵
        
        PID:16140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        830⤵
        
        PID:16152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        831⤵
        System Location Discovery: System Language Discovery
        
        PID:16168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        832⤵
        
        PID:16180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        833⤵
        
        PID:16196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        834⤵
        
        PID:16212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        835⤵
        
        PID:16228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        836⤵
        
        PID:16244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        837⤵
        
        PID:16260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        838⤵
        
        PID:16276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        839⤵
        
        PID:16292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        840⤵
        
        PID:16308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        841⤵
        System Location Discovery: System Language Discovery
        
        PID:16324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        842⤵
        
        PID:16340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        843⤵
        
        PID:16356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        844⤵
        
        PID:16372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        845⤵
        
        PID:824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        846⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        847⤵
        
        PID:16400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        848⤵
        
        PID:16416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        849⤵
        
        PID:16432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        850⤵
        
        PID:16448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        851⤵
        
        PID:16464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        852⤵
        
        PID:16480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        853⤵
        
        PID:16496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        854⤵
        
        PID:16508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        855⤵
        
        PID:16524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        856⤵
        
        PID:16548
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        857⤵
        
        PID:16588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        858⤵
        
        PID:16600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        859⤵
        
        PID:16616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        860⤵
        
        PID:16628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        861⤵
        
        PID:16668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        862⤵
        
        PID:16688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        863⤵
        
        PID:16704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        864⤵
        
        PID:16720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        865⤵
        
        PID:16736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        866⤵
        
        PID:16748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6f2f0ccb3ecacc1c2e7f915943b2ce_JaffaCakes118.dll,#1
        867⤵
        
        PID:16768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4420,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:8
1⤵
PID:5792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1604-27-0x0000000074BF0000-0x0000000074E74000-memory.dmp

Filesize
2.5MB

Download
memory/1652-0-0x0000000074BF0000-0x0000000074E74000-memory.dmp

Filesize
2.5MB

Download
memory/3644-9-0x0000000074BF0000-0x0000000074E74000-memory.dmp

Filesize
2.5MB

Download
memory/4004-22-0x0000000074BF0000-0x0000000074E74000-memory.dmp

Filesize
2.5MB

Download
memory/16768-30-0x0000000074BF0000-0x0000000074E74000-memory.dmp

Filesize
2.5MB

Download