c129509320193187df4bb12bf6cfd2af6dae0685d2c235f57b6135361c632998

Analysis

max time kernel
135s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll
Size

7KB
MD5

fe7fd4ca7d42de7ed2af2c23cb3fd75a
SHA1

8be36898fdac10e354ecbb257d9b7b3999de600b
SHA256

c129509320193187df4bb12bf6cfd2af6dae0685d2c235f57b6135361c632998
SHA512

8f22494c209bfa5979cb06684aa51dcaa149519111f9a4bcfc61bb67ac08f6801366c37f1e0af9c7bcf98573d1ca07c2492901adfe5c9fe223e4a3ac29b39508
SSDEEP

96:WCWlboc13yCl8giHCw9sGAgSqf/4Rfuw8T0lgEwM706dLF3eJCV:n43jl8HJqfDlgohdLFGW

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 3460	4848	rundll32.exe	85
PID 4848 wrote to memory of 3460	4848	rundll32.exe	85
PID 4848 wrote to memory of 3460	4848	rundll32.exe	85
PID 3460 wrote to memory of 1132	3460	rundll32.exe	86
PID 3460 wrote to memory of 1132	3460	rundll32.exe	86
PID 3460 wrote to memory of 1132	3460	rundll32.exe	86
PID 1132 wrote to memory of 3856	1132	rundll32.exe	87
PID 1132 wrote to memory of 3856	1132	rundll32.exe	87
PID 1132 wrote to memory of 3856	1132	rundll32.exe	87
PID 3856 wrote to memory of 3152	3856	rundll32.exe	88
PID 3856 wrote to memory of 3152	3856	rundll32.exe	88
PID 3856 wrote to memory of 3152	3856	rundll32.exe	88
PID 3152 wrote to memory of 3376	3152	rundll32.exe	89
PID 3152 wrote to memory of 3376	3152	rundll32.exe	89
PID 3152 wrote to memory of 3376	3152	rundll32.exe	89
PID 3376 wrote to memory of 3316	3376	rundll32.exe	90
PID 3376 wrote to memory of 3316	3376	rundll32.exe	90
PID 3376 wrote to memory of 3316	3376	rundll32.exe	90
PID 3316 wrote to memory of 4120	3316	rundll32.exe	91
PID 3316 wrote to memory of 4120	3316	rundll32.exe	91
PID 3316 wrote to memory of 4120	3316	rundll32.exe	91
PID 4120 wrote to memory of 1624	4120	rundll32.exe	92
PID 4120 wrote to memory of 1624	4120	rundll32.exe	92
PID 4120 wrote to memory of 1624	4120	rundll32.exe	92
PID 1624 wrote to memory of 1672	1624	rundll32.exe	93
PID 1624 wrote to memory of 1672	1624	rundll32.exe	93
PID 1624 wrote to memory of 1672	1624	rundll32.exe	93
PID 1672 wrote to memory of 3808	1672	rundll32.exe	94
PID 1672 wrote to memory of 3808	1672	rundll32.exe	94
PID 1672 wrote to memory of 3808	1672	rundll32.exe	94
PID 3808 wrote to memory of 1000	3808	rundll32.exe	95
PID 3808 wrote to memory of 1000	3808	rundll32.exe	95
PID 3808 wrote to memory of 1000	3808	rundll32.exe	95
PID 1000 wrote to memory of 4360	1000	rundll32.exe	96
PID 1000 wrote to memory of 4360	1000	rundll32.exe	96
PID 1000 wrote to memory of 4360	1000	rundll32.exe	96
PID 4360 wrote to memory of 2576	4360	rundll32.exe	97
PID 4360 wrote to memory of 2576	4360	rundll32.exe	97
PID 4360 wrote to memory of 2576	4360	rundll32.exe	97
PID 2576 wrote to memory of 1560	2576	rundll32.exe	98
PID 2576 wrote to memory of 1560	2576	rundll32.exe	98
PID 2576 wrote to memory of 1560	2576	rundll32.exe	98
PID 1560 wrote to memory of 4576	1560	rundll32.exe	99
PID 1560 wrote to memory of 4576	1560	rundll32.exe	99
PID 1560 wrote to memory of 4576	1560	rundll32.exe	99
PID 4576 wrote to memory of 620	4576	rundll32.exe	100
PID 4576 wrote to memory of 620	4576	rundll32.exe	100
PID 4576 wrote to memory of 620	4576	rundll32.exe	100
PID 620 wrote to memory of 2260	620	rundll32.exe	101
PID 620 wrote to memory of 2260	620	rundll32.exe	101
PID 620 wrote to memory of 2260	620	rundll32.exe	101
PID 2260 wrote to memory of 996	2260	rundll32.exe	102
PID 2260 wrote to memory of 996	2260	rundll32.exe	102
PID 2260 wrote to memory of 996	2260	rundll32.exe	102
PID 996 wrote to memory of 748	996	rundll32.exe	103
PID 996 wrote to memory of 748	996	rundll32.exe	103
PID 996 wrote to memory of 748	996	rundll32.exe	103
PID 748 wrote to memory of 3880	748	rundll32.exe	104
PID 748 wrote to memory of 3880	748	rundll32.exe	104
PID 748 wrote to memory of 3880	748	rundll32.exe	104
PID 3880 wrote to memory of 4896	3880	rundll32.exe	105
PID 3880 wrote to memory of 4896	3880	rundll32.exe	105
PID 3880 wrote to memory of 4896	3880	rundll32.exe	105
PID 4896 wrote to memory of 4320	4896	rundll32.exe	106

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3460
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1132
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3856
    - - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3152
      - C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:3316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:1624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:1672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:3808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:1000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:4360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:2576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        15⤵
        Suspicious use of WriteProcessMemory
        
        PID:1560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:4576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        17⤵
        Suspicious use of WriteProcessMemory
        
        PID:620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:2260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        19⤵
        Suspicious use of WriteProcessMemory
        
        PID:996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        21⤵
        Suspicious use of WriteProcessMemory
        
        PID:3880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:4896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        23⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        24⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        25⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        26⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        27⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        28⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        29⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        30⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        31⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        32⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        33⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        34⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        35⤵
        
        PID:3236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        36⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        37⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        38⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        39⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        40⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        41⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        42⤵
        
        PID:916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        43⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        44⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        45⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        46⤵
        
        PID:112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        47⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        48⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        49⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        50⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        52⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        53⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        54⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        55⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        56⤵
        
        PID:784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        57⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        58⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        59⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        60⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        61⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        62⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        63⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        64⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        65⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:2428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        67⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        68⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        69⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        70⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        71⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        72⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        73⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        74⤵
        
        PID:64
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        75⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        76⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        77⤵
        
        PID:384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        78⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        79⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        80⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        81⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        82⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        83⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        84⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        85⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        86⤵
        
        PID:856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        87⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        88⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        89⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        90⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        91⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        92⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        93⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        94⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        95⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        96⤵
        
        PID:736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        97⤵
        
        PID:624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        98⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        99⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        100⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        101⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        102⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        103⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        104⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        105⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        106⤵
        
        PID:900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        107⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:4604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        109⤵
        
        PID:448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        110⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        111⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        112⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        113⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        114⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        115⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        116⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        117⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        118⤵
        
        PID:116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        119⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        120⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        121⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        122⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        123⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        124⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        125⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        126⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        127⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        128⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        129⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        130⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        131⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        132⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        133⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        134⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        135⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        136⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        137⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        138⤵
        System Location Discovery: System Language Discovery
        
        PID:5428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        139⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        140⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        141⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        142⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        143⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        144⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        145⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        146⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        147⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        148⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        149⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        150⤵
        System Location Discovery: System Language Discovery
        
        PID:5608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        151⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        152⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        153⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        154⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        155⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        156⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        157⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        158⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        159⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        160⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        161⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        162⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:5804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        164⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        165⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        166⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        167⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        168⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        169⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        170⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        171⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        172⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        173⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        174⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        175⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        176⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        177⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        178⤵
        System Location Discovery: System Language Discovery
        
        PID:6032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        179⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        180⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        181⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        182⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        183⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        184⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        185⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        186⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        187⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        188⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        189⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        190⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        191⤵
        System Location Discovery: System Language Discovery
        
        PID:6220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        192⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        193⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        194⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        195⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        196⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        197⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        198⤵
        System Location Discovery: System Language Discovery
        
        PID:6324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        199⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        200⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        201⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        202⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        203⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        204⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        205⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        206⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        207⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        208⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        209⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        210⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        211⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        212⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        213⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        214⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        215⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        216⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        217⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        218⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        219⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        220⤵
        System Location Discovery: System Language Discovery
        
        PID:6664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        221⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        222⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        223⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        224⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        225⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        226⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        227⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        228⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        229⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        230⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        231⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        232⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        233⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        234⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        235⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        236⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        237⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        238⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        239⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        240⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        241⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        242⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        243⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        244⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        245⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        246⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        247⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        248⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        249⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        250⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        251⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        252⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        253⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        254⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        255⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        256⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        257⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        258⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        259⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        260⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        261⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        262⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        263⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        264⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        265⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        266⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        267⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        268⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        269⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        270⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        271⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        272⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        273⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        274⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        275⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        276⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        277⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        278⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        279⤵
        System Location Discovery: System Language Discovery
        
        PID:7568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        280⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        281⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        282⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        283⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        284⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        285⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        286⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        287⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        288⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        289⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        290⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        291⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        292⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        293⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        294⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        295⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        296⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        297⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        298⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        299⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        300⤵
        System Location Discovery: System Language Discovery
        
        PID:7908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        301⤵
        System Location Discovery: System Language Discovery
        
        PID:7920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        302⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        303⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        304⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        305⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        306⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        307⤵
        System Location Discovery: System Language Discovery
        
        PID:8020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        308⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        309⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        310⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        311⤵
        System Location Discovery: System Language Discovery
        
        PID:8076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        312⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        313⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        314⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        315⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        316⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        317⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        318⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        319⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        320⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        321⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        322⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        323⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        324⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        325⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        326⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        327⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        328⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        329⤵
        System Location Discovery: System Language Discovery
        
        PID:8336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        330⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        331⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        332⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        333⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        334⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        335⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        336⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        337⤵
        System Location Discovery: System Language Discovery
        
        PID:8448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        338⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        339⤵
        System Location Discovery: System Language Discovery
        
        PID:8476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        340⤵
        System Location Discovery: System Language Discovery
        
        PID:8496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        341⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        342⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        343⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        344⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        345⤵
        System Location Discovery: System Language Discovery
        
        PID:8576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        346⤵
        System Location Discovery: System Language Discovery
        
        PID:8592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        347⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        348⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        349⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        350⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        351⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        352⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        353⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        354⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        355⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        356⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        357⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        358⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        359⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        360⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        361⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        362⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        363⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        364⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        365⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        366⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        367⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        368⤵
        System Location Discovery: System Language Discovery
        
        PID:8924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        369⤵
        System Location Discovery: System Language Discovery
        
        PID:8940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        370⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        371⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        372⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        373⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        374⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        375⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        376⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        377⤵
        System Location Discovery: System Language Discovery
        
        PID:9048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        378⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        379⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        380⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        381⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        382⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        383⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        384⤵
        System Location Discovery: System Language Discovery
        
        PID:9156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        385⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        386⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        387⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        388⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        389⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        390⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        391⤵
        System Location Discovery: System Language Discovery
        
        PID:9260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        392⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        393⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        394⤵
        System Location Discovery: System Language Discovery
        
        PID:9308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        395⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        396⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        397⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        398⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        399⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        400⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        401⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        402⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        403⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        404⤵
        System Location Discovery: System Language Discovery
        
        PID:9464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        405⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        406⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        407⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        408⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        409⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        410⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        411⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        412⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        413⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        414⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        415⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        416⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        417⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        418⤵
        System Location Discovery: System Language Discovery
        
        PID:9684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        419⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        420⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        421⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        422⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        423⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        424⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        425⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        426⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        427⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        428⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        429⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        430⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        431⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        432⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        433⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        434⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        435⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        436⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        437⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        438⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        439⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        440⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        441⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        442⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        443⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        444⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        445⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        446⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        447⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        448⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        449⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        450⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        451⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        452⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        453⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        454⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        455⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        456⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        457⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        458⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        459⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        460⤵
        System Location Discovery: System Language Discovery
        
        PID:10288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        461⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        462⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        463⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        464⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        465⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        466⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        467⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        468⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        469⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        470⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        471⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        472⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        473⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        474⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        475⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        476⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        477⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        478⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        479⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        480⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        481⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        482⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        483⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        484⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        485⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        486⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        487⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        488⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        489⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        490⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        491⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        492⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        493⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        494⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        495⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        496⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        497⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        498⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        499⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        500⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        501⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        502⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        503⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        504⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        505⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        506⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        507⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        508⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        509⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        510⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        511⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        512⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        513⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        514⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        515⤵
        System Location Discovery: System Language Discovery
        
        PID:11144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        516⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        517⤵
        System Location Discovery: System Language Discovery
        
        PID:11172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        518⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        519⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        520⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        521⤵
        System Location Discovery: System Language Discovery
        
        PID:11236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        522⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        523⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        524⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        525⤵
        System Location Discovery: System Language Discovery
        
        PID:11292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        526⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        527⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        528⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        529⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        530⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        531⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        532⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        533⤵
        System Location Discovery: System Language Discovery
        
        PID:11420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        534⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        535⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        536⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        537⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        538⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        539⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        540⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        541⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        542⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        543⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        544⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        545⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        546⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        547⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        548⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        549⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        550⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        551⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        552⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        553⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        554⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        555⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        556⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        557⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        558⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        559⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        560⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        561⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        562⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        563⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        564⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        565⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        566⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        567⤵
        System Location Discovery: System Language Discovery
        
        PID:11936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        568⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        569⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        570⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        571⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        572⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        573⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        574⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        575⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        576⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        577⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        578⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        579⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        580⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        581⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        582⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        583⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        584⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        585⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        586⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        587⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        588⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        589⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        590⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        591⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        592⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        593⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        594⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        595⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        596⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        597⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        598⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        599⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        600⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        601⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        602⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        603⤵
        System Location Discovery: System Language Discovery
        
        PID:12472
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        604⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        605⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        606⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        607⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        608⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        609⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        610⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        611⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        612⤵
        System Location Discovery: System Language Discovery
        
        PID:12616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        613⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        614⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        615⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        616⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        617⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        618⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        619⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        620⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        621⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        622⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        623⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        624⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        625⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        626⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        627⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        628⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        629⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        630⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        631⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        632⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        633⤵
        System Location Discovery: System Language Discovery
        
        PID:12968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        634⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        635⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        636⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        637⤵
        System Location Discovery: System Language Discovery
        
        PID:13032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        638⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        639⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        640⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        641⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        642⤵
        System Location Discovery: System Language Discovery
        
        PID:13108
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        643⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        644⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        645⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        646⤵
        System Location Discovery: System Language Discovery
        
        PID:13164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        647⤵
        System Location Discovery: System Language Discovery
        
        PID:13180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        648⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        649⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        650⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        651⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        652⤵
        System Location Discovery: System Language Discovery
        
        PID:13252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        653⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        654⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        655⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        656⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        657⤵
        
        PID:13316
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        658⤵
        
        PID:13344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        659⤵
        
        PID:13360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        660⤵
        
        PID:13392
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        661⤵
        
        PID:13436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        662⤵
        
        PID:13464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        663⤵
        
        PID:13480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        664⤵
        
        PID:13508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        665⤵
        System Location Discovery: System Language Discovery
        
        PID:13544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        666⤵
        
        PID:13580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        667⤵
        
        PID:13628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        668⤵
        
        PID:13652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        669⤵
        
        PID:13664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        670⤵
        
        PID:13680
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        671⤵
        
        PID:13696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        672⤵
        
        PID:13712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        673⤵
        
        PID:13732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        674⤵
        
        PID:13748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        675⤵
        
        PID:13760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        676⤵
        
        PID:13780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        677⤵
        
        PID:13800
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        678⤵
        
        PID:13828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        679⤵
        
        PID:13844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        680⤵
        
        PID:13860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        681⤵
        
        PID:13872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        682⤵
        
        PID:13888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        683⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        684⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        685⤵
        
        PID:13928
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        686⤵
        
        PID:13944
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        687⤵
        
        PID:13960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        688⤵
        
        PID:13976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        689⤵
        
        PID:13988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        690⤵
        
        PID:14000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        691⤵
        
        PID:14016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        692⤵
        
        PID:14028
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        693⤵
        
        PID:14040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        694⤵
        
        PID:14052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        695⤵
        
        PID:14064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        696⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        697⤵
        System Location Discovery: System Language Discovery
        
        PID:14092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        698⤵
        
        PID:14112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        699⤵
        
        PID:14128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        700⤵
        
        PID:14144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        701⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        702⤵
        System Location Discovery: System Language Discovery
        
        PID:14172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        703⤵
        
        PID:14184
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        704⤵
        
        PID:14208
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        705⤵
        
        PID:14220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        706⤵
        
        PID:14240
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        707⤵
        
        PID:14256
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        708⤵
        
        PID:14272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        709⤵
        
        PID:14288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        710⤵
        
        PID:14300
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        711⤵
        System Location Discovery: System Language Discovery
        
        PID:14312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        712⤵
        
        PID:14332
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        713⤵
        System Location Discovery: System Language Discovery
        
        PID:14344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        714⤵
        
        PID:14360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        715⤵
        
        PID:14380
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        716⤵
        
        PID:14396
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        717⤵
        
        PID:14412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        718⤵
        
        PID:14428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        719⤵
        
        PID:14444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        720⤵
        
        PID:14460
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        721⤵
        
        PID:14476
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        722⤵
        
        PID:14492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        723⤵
        
        PID:14508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        724⤵
        
        PID:14524
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        725⤵
        System Location Discovery: System Language Discovery
        
        PID:14540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        726⤵
        
        PID:14556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        727⤵
        
        PID:14568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        728⤵
        
        PID:14584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        729⤵
        System Location Discovery: System Language Discovery
        
        PID:14600
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        730⤵
        
        PID:14616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        731⤵
        
        PID:14632
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        732⤵
        
        PID:14644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        733⤵
        
        PID:14660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        734⤵
        
        PID:14672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        735⤵
        
        PID:14688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        736⤵
        
        PID:14700
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        737⤵
        
        PID:14716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        738⤵
        
        PID:14732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        739⤵
        
        PID:14744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        740⤵
        
        PID:14760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        741⤵
        
        PID:14776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        742⤵
        
        PID:14792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        743⤵
        
        PID:14804
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        744⤵
        
        PID:14816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        745⤵
        
        PID:14832
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        746⤵
        
        PID:14848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        747⤵
        
        PID:14860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        748⤵
        
        PID:14876
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        749⤵
        
        PID:14892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        750⤵
        
        PID:14908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        751⤵
        
        PID:14920
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        752⤵
        
        PID:14936
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        753⤵
        
        PID:14952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        754⤵
        
        PID:14964
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        755⤵
        
        PID:14984
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        756⤵
        
        PID:15000
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        757⤵
        
        PID:15016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        758⤵
        System Location Discovery: System Language Discovery
        
        PID:15032
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        759⤵
        
        PID:15048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        760⤵
        
        PID:15064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        761⤵
        
        PID:15076
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        762⤵
        
        PID:15096
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        763⤵
        
        PID:15112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        764⤵
        System Location Discovery: System Language Discovery
        
        PID:15128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        765⤵
        System Location Discovery: System Language Discovery
        
        PID:15144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        766⤵
        
        PID:15164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        767⤵
        
        PID:15180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        768⤵
        
        PID:15196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        769⤵
        
        PID:15212
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        770⤵
        
        PID:15228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        771⤵
        
        PID:15244
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        772⤵
        
        PID:15260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        773⤵
        
        PID:15276
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        774⤵
        
        PID:15292
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        775⤵
        
        PID:15308
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        776⤵
        
        PID:15324
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        777⤵
        
        PID:15336
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        778⤵
        
        PID:15352
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        779⤵
        
        PID:15368
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        780⤵
        
        PID:15384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        781⤵
        
        PID:15400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        782⤵
        
        PID:15416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        783⤵
        
        PID:15428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        784⤵
        
        PID:15444
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        785⤵
        
        PID:15468
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        786⤵
        
        PID:15512
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        787⤵
        
        PID:15528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        788⤵
        
        PID:15544
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        789⤵
        
        PID:15560
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        790⤵
        
        PID:15576
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        791⤵
        
        PID:15588
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        792⤵
        
        PID:15608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        793⤵
        
        PID:15624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        794⤵
        
        PID:15640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        795⤵
        
        PID:15656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        796⤵
        
        PID:15672
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        797⤵
        
        PID:15688
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        798⤵
        
        PID:15704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        799⤵
        
        PID:15716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        800⤵
        
        PID:15732
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        801⤵
        
        PID:15748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        802⤵
        
        PID:15764
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        803⤵
        
        PID:15780
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        804⤵
        
        PID:15796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        805⤵
        
        PID:15808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        806⤵
        
        PID:15828
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        807⤵
        
        PID:15844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        808⤵
        
        PID:15856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        809⤵
        
        PID:15872
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        810⤵
        
        PID:15888
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        811⤵
        
        PID:15900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        812⤵
        
        PID:15916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        813⤵
        
        PID:15932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        814⤵
        
        PID:15948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        815⤵
        
        PID:15960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        816⤵
        System Location Discovery: System Language Discovery
        
        PID:15976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        817⤵
        
        PID:15988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        818⤵
        
        PID:16004
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        819⤵
        System Location Discovery: System Language Discovery
        
        PID:16020
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        820⤵
        
        PID:16040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        821⤵
        
        PID:16056
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        822⤵
        
        PID:16072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        823⤵
        
        PID:16088
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        824⤵
        
        PID:16104
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        825⤵
        
        PID:16120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        826⤵
        
        PID:16132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        827⤵
        
        PID:16148
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        828⤵
        System Location Discovery: System Language Discovery
        
        PID:16160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        829⤵
        System Location Discovery: System Language Discovery
        
        PID:16172
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        830⤵
        
        PID:16188
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        831⤵
        
        PID:16204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        832⤵
        System Location Discovery: System Language Discovery
        
        PID:16220
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        833⤵
        
        PID:16236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        834⤵
        
        PID:16252
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        835⤵
        System Location Discovery: System Language Discovery
        
        PID:16268
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        836⤵
        
        PID:16280
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        837⤵
        
        PID:16296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        838⤵
        
        PID:16312
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        839⤵
        
        PID:16328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        840⤵
        
        PID:16340
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        841⤵
        
        PID:16356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        842⤵
        
        PID:16372
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        843⤵
        
        PID:15500
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        844⤵
        System Location Discovery: System Language Discovery
        
        PID:3408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        845⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        846⤵
        
        PID:16388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        847⤵
        
        PID:16404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        848⤵
        
        PID:16420
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        849⤵
        
        PID:16436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        850⤵
        
        PID:16452
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        851⤵
        
        PID:16464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        852⤵
        
        PID:16480
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        853⤵
        
        PID:16492
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        854⤵
        
        PID:16508
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        855⤵
        
        PID:16528
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        856⤵
        
        PID:16540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        857⤵
        System Location Discovery: System Language Discovery
        
        PID:16556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        858⤵
        
        PID:16568
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        859⤵
        
        PID:16584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        860⤵
        
        PID:16596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        861⤵
        
        PID:16616
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        862⤵
        
        PID:16628
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        863⤵
        
        PID:16644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        864⤵
        
        PID:16660
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        865⤵
        
        PID:16676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        866⤵
        
        PID:16692
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        867⤵
        
        PID:16704
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        868⤵
        
        PID:16724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        869⤵
        
        PID:16740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        870⤵
        
        PID:16756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        871⤵
        
        PID:16772
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        872⤵
        
        PID:16788
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        873⤵
        
        PID:16808
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        874⤵
        
        PID:16820
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        875⤵
        
        PID:16840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        876⤵
        
        PID:16856
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        877⤵
        
        PID:16868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        878⤵
        
        PID:16884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        879⤵
        
        PID:16900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        880⤵
        
        PID:16916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        881⤵
        
        PID:16932
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        882⤵
        
        PID:16948
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        883⤵
        
        PID:16960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        884⤵
        
        PID:16980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        885⤵
        
        PID:16996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        886⤵
        
        PID:17012
        
        C:\Windows\SysWOW64\rundll32.exe
        
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7fd4ca7d42de7ed2af2c23cb3fd75a_JaffaCakes118.dll,#1
        887⤵
        
        PID:17028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/16960-0-0x0000000074D90000-0x0000000075014000-memory.dmp

Filesize
2.5MB

Download