nanocore | cd1de2640e4fb5b66ca8b02fe6340d8c2111cb44092a1dd86d6c467456dd7716

General

Target

3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Size

1.4MB
MD5

3c08f6f4822e6db8251c8aeb87674229
SHA1

2cdb2b28f64dd2986cc293344a3c449f28d7c7a8
SHA256

cd1de2640e4fb5b66ca8b02fe6340d8c2111cb44092a1dd86d6c467456dd7716
SHA512

f70046e9da9c26908811feccd8316eefb5a51c0b9438d38e8766a625bda41c7acaa722bb2ea66d0398bb19bb642916dcae7abb7edd785bcedb4d9be672f441a9
SSDEEP

24576:ItNAxLvHp5/ZX3RtVidNOwCT7FGeAfd844UHu38bGRfSNQJvQvBLgT6WoI2ii/9Q:INI+56QD

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

79.134.225.106:2110

Mutex

038bbe7d-bb0f-4e39-acc0-328059e1f435

Attributes

activate_away_mode
true
backup_connection_host
79.134.225.106
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2019-08-12T05:17:21.810663436Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
2110
default_group
test
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
038bbe7d-bb0f-4e39-acc0-328059e1f435
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
79.134.225.106
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
false
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

RegAsm.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DOS Manager = "C:\\Program Files (x86)\\DOS Manager\\dosmgr.exe"	RegAsm.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

RegAsm.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RegAsm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RegAsm.exe

Suspicious use of SetThreadContext 64 IoCs

Processes:

3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe

description	pid	process	target process
PID 2932 set thread context of 2540	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2664 set thread context of 2712	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2448 set thread context of 2480	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2020 set thread context of 2908	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2748 set thread context of 2764	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2944 set thread context of 3064	2944	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2068 set thread context of 2172	2068	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1408 set thread context of 236	1408	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2188 set thread context of 1268	2188	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1200 set thread context of 2292	1200	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2432 set thread context of 2408	2432	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 776 set thread context of 1044	776	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 840 set thread context of 1744	840	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2996 set thread context of 1096	2996	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 344 set thread context of 1224	344	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2056 set thread context of 496	2056	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2148 set thread context of 2008	2148	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2132 set thread context of 1576	2132	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2800 set thread context of 1512	2800	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1936 set thread context of 2604	1936	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2588 set thread context of 2628	2588	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 340 set thread context of 2452	340	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1768 set thread context of 1656	1768	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2344 set thread context of 2192	2344	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1344 set thread context of 2220	1344	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2212 set thread context of 1620	2212	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2240 set thread context of 2432	2240	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 776 set thread context of 2280	776	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 3000 set thread context of 684	3000	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2712 set thread context of 760	2712	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2824 set thread context of 2572	2824	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1524 set thread context of 1928	1524	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2164 set thread context of 2204	2164	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2788 set thread context of 2560	2788	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1828 set thread context of 3064	1828	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2744 set thread context of 2820	2744	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 236 set thread context of 2944	236	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1436 set thread context of 2120	1436	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2692 set thread context of 2312	2692	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1596 set thread context of 1844	1596	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2420 set thread context of 1776	2420	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2188 set thread context of 3016	2188	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2272 set thread context of 2484	2272	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1460 set thread context of 1568	1460	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 296 set thread context of 3000	296	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2108 set thread context of 1032	2108	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2636 set thread context of 2824	2636	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2816 set thread context of 2092	2816	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2644 set thread context of 2796	2644	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1476 set thread context of 1860	1476	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2812 set thread context of 1424	2812	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2520 set thread context of 380	2520	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1004 set thread context of 2900	1004	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 632 set thread context of 1044	632	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 484 set thread context of 1876	484	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2236 set thread context of 948	2236	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1976 set thread context of 1304	1976	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2968 set thread context of 2716	2968	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 912 set thread context of 2288	912	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2704 set thread context of 2456	2704	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 348 set thread context of 2228	348	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2644 set thread context of 2748	2644	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2408 set thread context of 1512	2408	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 1548 set thread context of 572	1548	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe

Drops file in Program Files directory 2 IoCs

Processes:

RegAsm.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\DOS Manager\dosmgr.exe	RegAsm.exe
File created	C:\Program Files (x86)\DOS Manager\dosmgr.exe	RegAsm.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe

pid	process
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

RegAsm.exe

pid process

2540 RegAsm.exe

pid	process
2540	RegAsm.exe

Suspicious behavior: MapViewOfSection 64 IoCs

Processes:

3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe

pid	process
2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2944	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2068	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1408	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2188	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1200	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2432	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
776	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
840	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2996	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
344	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2056	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2148	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2132	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2800	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1936	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2588	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
340	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1768	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2344	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1344	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2212	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2240	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
776	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
3000	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2712	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2824	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1524	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1524	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2164	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2788	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1828	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2744	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
236	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1436	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2692	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1596	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2420	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2188	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2272	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1460	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
296	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2108	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2636	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2636	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2816	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2644	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1476	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1476	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2812	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2812	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2520	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1004	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
632	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
484	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2236	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1976	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
1976	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
2968	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
912	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exeRegAsm.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2540	RegAsm.exe
Token: SeDebugPrivilege	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2944	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2068	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1408	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2188	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1200	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2432	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	776	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	840	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2996	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	344	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2056	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2148	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2132	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2800	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1936	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2588	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	340	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1768	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2344	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1344	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2212	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2240	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	776	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	3000	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2712	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2824	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1524	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2164	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2788	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1828	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2744	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	236	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1436	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2692	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1596	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2420	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2188	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2272	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1460	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	296	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2108	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2636	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2816	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2644	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1476	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2812	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2520	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1004	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	632	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	484	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2236	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	1976	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2968	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	912	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2704	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	348	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2644	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
Token: SeDebugPrivilege	2408	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe

description	pid	process	target process
PID 2932 wrote to memory of 2540	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2932 wrote to memory of 2540	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2932 wrote to memory of 2540	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2932 wrote to memory of 2540	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2932 wrote to memory of 2540	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2932 wrote to memory of 2540	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2932 wrote to memory of 2540	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2932 wrote to memory of 2540	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2932 wrote to memory of 2664	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2932 wrote to memory of 2664	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2932 wrote to memory of 2664	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2932 wrote to memory of 2664	2932	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2664 wrote to memory of 2712	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2664 wrote to memory of 2712	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2664 wrote to memory of 2712	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2664 wrote to memory of 2712	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2664 wrote to memory of 2712	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2664 wrote to memory of 2712	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2664 wrote to memory of 2712	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2664 wrote to memory of 2712	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2664 wrote to memory of 2448	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2664 wrote to memory of 2448	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2664 wrote to memory of 2448	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2664 wrote to memory of 2448	2664	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2448 wrote to memory of 2480	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2448 wrote to memory of 2480	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2448 wrote to memory of 2480	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2448 wrote to memory of 2480	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2448 wrote to memory of 2480	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2448 wrote to memory of 2480	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2448 wrote to memory of 2480	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2448 wrote to memory of 2480	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2448 wrote to memory of 2020	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2448 wrote to memory of 2020	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2448 wrote to memory of 2020	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2448 wrote to memory of 2020	2448	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2020 wrote to memory of 2908	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2020 wrote to memory of 2908	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2020 wrote to memory of 2908	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2020 wrote to memory of 2908	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2020 wrote to memory of 2908	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2020 wrote to memory of 2908	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2020 wrote to memory of 2908	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2020 wrote to memory of 2908	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2020 wrote to memory of 2748	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2020 wrote to memory of 2748	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2020 wrote to memory of 2748	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2020 wrote to memory of 2748	2020	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2748 wrote to memory of 2764	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2748 wrote to memory of 2764	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2748 wrote to memory of 2764	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2748 wrote to memory of 2764	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2748 wrote to memory of 2764	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2748 wrote to memory of 2764	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2748 wrote to memory of 2764	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2748 wrote to memory of 2764	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2748 wrote to memory of 2944	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2748 wrote to memory of 2944	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2748 wrote to memory of 2944	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2748 wrote to memory of 2944	2748	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
PID 2944 wrote to memory of 3064	2944	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2944 wrote to memory of 3064	2944	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2944 wrote to memory of 3064	2944	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe
PID 2944 wrote to memory of 3064	2944	3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2540

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2664

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
3⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
3⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2448

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
4⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
4⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
5⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
5⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2748

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
6⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
6⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2944

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
7⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
7⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2068

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
8⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
8⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
9⤵
PID:236

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
9⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2188

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
10⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
10⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1200

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
11⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
11⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
12⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
12⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:776

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
13⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
13⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:840

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
14⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
14⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
15⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
15⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
16⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
16⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2056

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
17⤵
PID:496

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
17⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2148

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
18⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
18⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2132

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
19⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
19⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
20⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
20⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
21⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
21⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2588

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
22⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
22⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
23⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
23⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
24⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
24⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
25⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
25⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
26⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
26⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
27⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
27⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
28⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
28⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:776

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
29⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
29⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
30⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
30⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2712

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
31⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
31⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
32⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
32⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
33⤵
PID:2184

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
33⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
33⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2164

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
34⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
34⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
35⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
35⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1828

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
36⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
36⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
37⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
37⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:236

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
38⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
38⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
39⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
39⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
40⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
40⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
41⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
41⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2420

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
42⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
42⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2188

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
43⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
43⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2272

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
44⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
44⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1460

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
45⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
45⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:296

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
46⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
46⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2108

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
47⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
47⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
48⤵
PID:2148

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
48⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
48⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
49⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
49⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2644

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
50⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
50⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1476

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
51⤵
PID:1268

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
51⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
51⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2812

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
52⤵
PID:2804

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
52⤵
PID:1424

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
52⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2520

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
53⤵
PID:380

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
53⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1004

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
54⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
54⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
55⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
55⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
56⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
56⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2236

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
57⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
57⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
58⤵
PID:928

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
58⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
58⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
59⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
59⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
60⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
60⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2704

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
61⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
61⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
62⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
62⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2644

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
63⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
63⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
64⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
64⤵
- Suspicious use of SetThreadContext
PID:1548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
65⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
65⤵
PID:1596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
66⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
66⤵
PID:2912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
67⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
67⤵
PID:1780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
68⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
68⤵
PID:3040

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
69⤵
PID:808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
69⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
69⤵
PID:1248

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
70⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
70⤵
PID:2400

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
71⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
71⤵
PID:2684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
72⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
72⤵
PID:1572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
73⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
73⤵
PID:1872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
74⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
74⤵
PID:1784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
75⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
75⤵
PID:2932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
76⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
76⤵
PID:3016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
77⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
77⤵
PID:1308

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
78⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
78⤵
PID:2068

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
79⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
79⤵
PID:2276

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
80⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
80⤵
PID:2436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
81⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
81⤵
PID:2792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
82⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
82⤵
PID:2796

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
83⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
83⤵
PID:2908

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
84⤵
PID:1172

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
84⤵
PID:2544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
85⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
85⤵
PID:868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
86⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
86⤵
PID:2468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
87⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
87⤵
PID:2340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
88⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
88⤵
PID:2964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
89⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
89⤵
PID:1344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
90⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
90⤵
PID:1244

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
91⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
91⤵
PID:2776

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
92⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
92⤵
PID:2136

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
93⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
93⤵
PID:2788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
94⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
94⤵
PID:1476

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
95⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
95⤵
PID:284

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
96⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
96⤵
PID:2172

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
97⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
97⤵
PID:2112

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
98⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
98⤵
PID:2308

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
99⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
99⤵
PID:2672

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
100⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
100⤵
PID:2320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
101⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
101⤵
PID:2928

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
102⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
102⤵
PID:2252

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
103⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
103⤵
PID:2216

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
104⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
104⤵
PID:1204

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
105⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
105⤵
PID:2812

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
106⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
106⤵
PID:2208

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
107⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
107⤵
PID:2092

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
108⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
108⤵
PID:1844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
109⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
109⤵
PID:2328

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
110⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
110⤵
PID:1736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
111⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
111⤵
PID:1828

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
112⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
112⤵
PID:2476

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
113⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
113⤵
PID:2932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
114⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
114⤵
PID:1392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
115⤵
PID:2672

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
115⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
115⤵
PID:2320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
116⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
116⤵
PID:1388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
117⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
117⤵
PID:780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
118⤵
PID:1304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
118⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
118⤵
PID:2716

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
119⤵
PID:1656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
119⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
119⤵
PID:2680

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
120⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
120⤵
PID:2404

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
121⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
121⤵
PID:1616

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
122⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
122⤵
PID:2272

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
123⤵
PID:2824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
123⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
123⤵
PID:2728

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
124⤵
PID:1536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
124⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
124⤵
PID:1976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
125⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
125⤵
PID:1664

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
126⤵
PID:2808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
126⤵
PID:1956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
126⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
126⤵
PID:2636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
127⤵
PID:1744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
127⤵
PID:2784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
127⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
127⤵
PID:872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
128⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
128⤵
PID:2416

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
129⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
129⤵
PID:1596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
130⤵
PID:2364

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
130⤵
PID:496

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
130⤵
PID:1916

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
131⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
131⤵
PID:2964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
132⤵
PID:1004

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
132⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
132⤵
PID:1860

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
133⤵
PID:2164

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
133⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
133⤵
PID:832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
134⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
134⤵
PID:320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
135⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
135⤵
PID:1572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
136⤵
PID:776

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
136⤵
PID:900

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
137⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
137⤵
PID:1744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
138⤵
PID:2796

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
138⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
138⤵
PID:1828

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
139⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
139⤵
PID:764

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
140⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
140⤵
PID:1508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
141⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
141⤵
PID:2756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
142⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
142⤵
PID:1596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
143⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
143⤵
PID:2684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
144⤵
PID:2216

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
144⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
144⤵
PID:2424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
145⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
145⤵
PID:828

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
146⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
146⤵
PID:808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
147⤵
PID:1844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
147⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
147⤵
PID:1308

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
148⤵
PID:1572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
148⤵
PID:1220

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
148⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
148⤵
PID:1548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
149⤵
PID:348

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
149⤵
PID:988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
150⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
150⤵
PID:2996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
151⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
151⤵
PID:2752

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
152⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
152⤵
PID:3052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
153⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
153⤵
PID:1608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
154⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
154⤵
PID:2756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
155⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
155⤵
PID:316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
156⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
156⤵
PID:2492

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
157⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
157⤵
PID:1896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
158⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
158⤵
PID:2096

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
159⤵
PID:844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
159⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
159⤵
PID:1872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
160⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
160⤵
PID:340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
161⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
161⤵
PID:2800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
162⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
162⤵
PID:300

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
163⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
163⤵
PID:2716

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
164⤵
PID:1524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
164⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
164⤵
PID:2604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
165⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
165⤵
PID:3052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
166⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
166⤵
PID:1780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
167⤵
PID:656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
167⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
167⤵
PID:1932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
168⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
168⤵
PID:2536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
169⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
169⤵
PID:2304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
170⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
170⤵
PID:112

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
171⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
171⤵
PID:2248

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
172⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
172⤵
PID:1388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
173⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
173⤵
PID:2736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
174⤵
PID:1344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
174⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
174⤵
PID:2912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
175⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
175⤵
PID:300

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
176⤵
PID:2264

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
176⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
176⤵
PID:2792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
177⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
177⤵
PID:2024

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
178⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
178⤵
PID:780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
179⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
179⤵
PID:1488

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
180⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
180⤵
PID:584

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
181⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
181⤵
PID:1516

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
182⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
182⤵
PID:1540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
183⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
183⤵
PID:1032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
184⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
184⤵
PID:1880

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
185⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
185⤵
PID:2652

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
186⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
186⤵
PID:2448

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
187⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
187⤵
PID:1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
188⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
188⤵
PID:1616

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
189⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
189⤵
PID:2792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
190⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
190⤵
PID:984

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
191⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
191⤵
PID:1600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
192⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
192⤵
PID:2588

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
193⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
193⤵
PID:2064

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
194⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
194⤵
PID:1948

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
195⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
195⤵
PID:1836

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
196⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
196⤵
PID:340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
197⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
197⤵
PID:1032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
198⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
198⤵
PID:2692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
199⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
199⤵
PID:2300

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
200⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
200⤵
PID:2448

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
201⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
201⤵
PID:1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
202⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
202⤵
PID:2704

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
203⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
203⤵
PID:868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
204⤵
PID:2820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
204⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
204⤵
PID:2676

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
205⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
205⤵
PID:1644

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
206⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
206⤵
PID:1976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
207⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
207⤵
PID:2384

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
208⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
208⤵
PID:2572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
209⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
209⤵
PID:632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
210⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
210⤵
PID:2996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
211⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
211⤵
PID:2000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
212⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
212⤵
PID:284

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
213⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
213⤵
PID:1496

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
214⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
214⤵
PID:2912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
215⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
215⤵
PID:3008

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
216⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
216⤵
PID:2276

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
217⤵
PID:1440

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
217⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
217⤵
PID:2216

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
218⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
218⤵
PID:2236

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
219⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
219⤵
PID:1468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
220⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
220⤵
PID:2260

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
221⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
221⤵
PID:3044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
222⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
222⤵
PID:2364

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
223⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
223⤵
PID:2332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
224⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
224⤵
PID:2996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
225⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
225⤵
PID:2272

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
226⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
226⤵
PID:2244

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
227⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
227⤵
PID:2412

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
228⤵
PID:1740

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
228⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
228⤵
PID:752

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
229⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
229⤵
PID:2688

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
230⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
230⤵
PID:2352

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
231⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
231⤵
PID:2832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
232⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
232⤵
PID:2784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
233⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
233⤵
PID:2564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
234⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
234⤵
PID:1228

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
235⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
235⤵
PID:1936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
236⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
236⤵
PID:344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
237⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
237⤵
PID:1196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
238⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
238⤵
PID:2180

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
239⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
239⤵
PID:2888

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
240⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
240⤵
PID:1420

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
241⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
241⤵
PID:2684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
242⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
242⤵
PID:2984

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
243⤵
PID:2820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
243⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
243⤵
PID:2688

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
244⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
244⤵
PID:1996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
245⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
245⤵
PID:868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
246⤵
PID:2788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
246⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
246⤵
PID:2784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
247⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
247⤵
PID:1224

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
248⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
248⤵
PID:2768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
249⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
249⤵
PID:1936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
250⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
250⤵
PID:632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
251⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
251⤵
PID:1780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
252⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
252⤵
PID:2180

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
253⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
253⤵
PID:1544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
254⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
254⤵
PID:3048

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
255⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
255⤵
PID:3008

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
256⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
256⤵
PID:2984

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
257⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
257⤵
PID:2612

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
258⤵
PID:780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
258⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
258⤵
PID:2936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
259⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
259⤵
PID:1896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
260⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
260⤵
PID:2456

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
261⤵
PID:1612

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
261⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
261⤵
PID:1508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
262⤵
PID:2896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
262⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
262⤵
PID:1804

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
263⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
263⤵
PID:632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
264⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
264⤵
PID:2412

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
265⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
265⤵
PID:1044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
266⤵
PID:3000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
266⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
266⤵
PID:1628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
267⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
267⤵
PID:876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
268⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
268⤵
PID:1596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
269⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
269⤵
PID:1840

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
270⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
270⤵
PID:2852

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
271⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
271⤵
PID:1600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
272⤵
PID:1112

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
272⤵
PID:1612

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
273⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
273⤵
PID:1260

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
274⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
274⤵
PID:2940

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
275⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
275⤵
PID:1780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
276⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
276⤵
PID:1400

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
277⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
277⤵
PID:1204

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
278⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
278⤵
PID:1748

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
279⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
279⤵
PID:2000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
280⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
280⤵
PID:1884

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
281⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
281⤵
PID:808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
282⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
282⤵
PID:2536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
283⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
283⤵
PID:2892

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
284⤵
PID:2728

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
284⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
284⤵
PID:344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
285⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
285⤵
PID:1848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
286⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
286⤵
PID:2180

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
287⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
287⤵
PID:1388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
288⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
288⤵
PID:2796

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
289⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
289⤵
PID:2196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
290⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
290⤵
PID:1108

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
291⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
291⤵
PID:1488

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
292⤵
PID:1548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
292⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
292⤵
PID:1912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
293⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
293⤵
PID:1784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
294⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
294⤵
PID:2100

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
295⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
295⤵
PID:2108

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
296⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
296⤵
PID:2064

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
297⤵
PID:1436

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
297⤵
PID:2500

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
298⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
298⤵
PID:352

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
299⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
299⤵
PID:592

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
300⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
300⤵
PID:2680

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
301⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
301⤵
PID:948

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
302⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
302⤵
PID:668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
303⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
303⤵
PID:1244

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
304⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
304⤵
PID:1356

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
305⤵
PID:1112

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
305⤵
PID:316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
306⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
306⤵
PID:2480

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
307⤵
PID:1832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
307⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
307⤵
PID:1224

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
308⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
308⤵
PID:2100

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
309⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
309⤵
PID:2492

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
310⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
310⤵
PID:2252

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
311⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
311⤵
PID:2296

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
312⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
312⤵
PID:2104

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
313⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
313⤵
PID:876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
314⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
314⤵
PID:1860

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
315⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
315⤵
PID:2336

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
316⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
316⤵
PID:808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
317⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
317⤵
PID:1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
318⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
318⤵
PID:1620

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
319⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
319⤵
PID:2344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
320⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
320⤵
PID:952

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
321⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
321⤵
PID:1872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
322⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
322⤵
PID:2136

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
323⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
323⤵
PID:2744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
324⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
324⤵
PID:788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
325⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
325⤵
PID:1568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
326⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
326⤵
PID:756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
327⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
327⤵
PID:824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
328⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
328⤵
PID:2452

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
329⤵
PID:2256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
329⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
329⤵
PID:1692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
330⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
330⤵
PID:1388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
331⤵
PID:1408

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
331⤵
PID:1636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
332⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
332⤵
PID:2028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
333⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
333⤵
PID:1216

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
334⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
334⤵
PID:3052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
335⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
335⤵
PID:284

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
336⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
336⤵
PID:348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
337⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
337⤵
PID:2980

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
338⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
338⤵
PID:1492

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
339⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
339⤵
PID:1512

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
340⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
340⤵
PID:1960

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
341⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
341⤵
PID:2752

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
342⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
342⤵
PID:1564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
343⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
343⤵
PID:2320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
344⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
344⤵
PID:2660

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
345⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
345⤵
PID:1680

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
346⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
346⤵
PID:1344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
347⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
347⤵
PID:1880

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
348⤵
PID:2028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
348⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
348⤵
PID:944

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
349⤵
PID:2236

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
349⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
349⤵
PID:3016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
350⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
350⤵
PID:2292

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
351⤵
PID:656

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
351⤵
PID:1664

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
352⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
352⤵
PID:2284

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
353⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
353⤵
PID:1244

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
354⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
354⤵
PID:2256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
355⤵
PID:1508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
355⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
355⤵
PID:1464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
356⤵
PID:2324

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
356⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
356⤵
PID:2796

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
357⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
357⤵
PID:1548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
358⤵
PID:668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
358⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
358⤵
PID:1916

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
359⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
359⤵
PID:2512

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
360⤵
PID:952

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
360⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
360⤵
PID:2544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
361⤵
PID:1448

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
361⤵
PID:496

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
361⤵
PID:2844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
362⤵
PID:1476

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
362⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
362⤵
PID:2692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
363⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
363⤵
PID:2636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
364⤵
PID:2744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
364⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
364⤵
PID:1248

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
365⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
365⤵
PID:1676

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
366⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
366⤵
PID:2640

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
367⤵
PID:2712

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
367⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
367⤵
PID:1828

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
368⤵
PID:2520

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
368⤵
PID:668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
368⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
368⤵
PID:2704

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
369⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
369⤵
PID:2164

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
370⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
370⤵
PID:928

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
371⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
371⤵
PID:1860

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
372⤵
PID:1988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
372⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
372⤵
PID:1476

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
373⤵
PID:780

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
373⤵
PID:3016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
374⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
374⤵
PID:1044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
375⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
375⤵
PID:1632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
376⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
376⤵
PID:1016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
377⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
377⤵
PID:2424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
378⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
378⤵
PID:2736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
379⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
379⤵
PID:868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
380⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
380⤵
PID:2656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
381⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
381⤵
PID:1548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
382⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
382⤵
PID:2020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
383⤵
PID:776

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
383⤵
PID:2296

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
384⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
384⤵
PID:1388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
385⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
385⤵
PID:2740

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
386⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
386⤵
PID:980

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
387⤵
PID:320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
387⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
387⤵
PID:2472

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
388⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
388⤵
PID:880

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
389⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
389⤵
PID:2944

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
390⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
390⤵
PID:2132

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
391⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
391⤵
PID:1844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
392⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
392⤵
PID:1140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
393⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
393⤵
PID:2652

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
394⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
394⤵
PID:2932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
395⤵
PID:2892

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
395⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
395⤵
PID:1608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
396⤵
PID:2896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
396⤵
PID:2724

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
396⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
396⤵
PID:1804

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
397⤵
PID:2672

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
397⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
397⤵
PID:824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
398⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
398⤵
PID:2304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
399⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
399⤵
PID:1512

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
400⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
400⤵
PID:2416

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
401⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
401⤵
PID:2756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
402⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
402⤵
PID:1408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
403⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
403⤵
PID:1660

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
404⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
404⤵
PID:2784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
405⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
405⤵
PID:2220

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
406⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
406⤵
PID:2008

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
407⤵
PID:336

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
407⤵
PID:2908

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
408⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
408⤵
PID:1912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
409⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
409⤵
PID:1232

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
410⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
410⤵
PID:3008

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
411⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
411⤵
PID:1732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
412⤵
PID:1884

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
412⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
412⤵
PID:656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
413⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
413⤵
PID:1356

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
414⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
414⤵
PID:1512

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
415⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
415⤵
PID:3064

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
416⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
416⤵
PID:2236

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
417⤵
PID:1904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
417⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
417⤵
PID:2964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
418⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
418⤵
PID:1460

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
419⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
419⤵
PID:2564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
420⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
420⤵
PID:1680

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
421⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
421⤵
PID:1780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
422⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
422⤵
PID:2256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
423⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
423⤵
PID:2684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
424⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
424⤵
PID:1540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
425⤵
PID:1308

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
425⤵
PID:2344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
426⤵
PID:2024

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
426⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
426⤵
PID:2332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
427⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
427⤵
PID:788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
428⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
428⤵
PID:3064

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
429⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
429⤵
PID:3048

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
430⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
430⤵
PID:2068

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
431⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
431⤵
PID:2732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
432⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
432⤵
PID:2744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
433⤵
PID:2664

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
433⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
433⤵
PID:2284

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
434⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
434⤵
PID:1780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
435⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
435⤵
PID:2180

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
436⤵
PID:2436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
436⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
436⤵
PID:844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
437⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
437⤵
PID:484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
438⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
438⤵
PID:2464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
439⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
439⤵
PID:1348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
440⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
440⤵
PID:2996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
441⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
441⤵
PID:1640

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
442⤵
PID:740

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
442⤵
PID:3032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
443⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
443⤵
PID:2068

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
444⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
444⤵
PID:1436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
445⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
445⤵
PID:1268

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
446⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
446⤵
PID:1168

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
447⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
447⤵
PID:1644

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
448⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
448⤵
PID:2304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
449⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
449⤵
PID:2764

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
450⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
450⤵
PID:352

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
451⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
451⤵
PID:2464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
452⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
452⤵
PID:2204

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
453⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
453⤵
PID:2456

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
454⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
454⤵
PID:2784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
455⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
455⤵
PID:1308

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
456⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
456⤵
PID:3032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
457⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
457⤵
PID:1832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
458⤵
PID:1388

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
458⤵
PID:1436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
459⤵
PID:348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
459⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
459⤵
PID:2808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
460⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
460⤵
PID:1468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
461⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
461⤵
PID:1140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
462⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
462⤵
PID:2984

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
463⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
463⤵
PID:828

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
464⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
464⤵
PID:1304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
465⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
465⤵
PID:2100

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
466⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
466⤵
PID:940

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
467⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
467⤵
PID:1512

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
468⤵
PID:1792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
468⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
468⤵
PID:1876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
469⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
469⤵
PID:2340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
470⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
470⤵
PID:2148

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
471⤵
PID:1460

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
471⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
471⤵
PID:2744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
472⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
472⤵
PID:2208

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
473⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
473⤵
PID:2980

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
474⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
474⤵
PID:2324

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
475⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
475⤵
PID:2304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
476⤵
PID:1196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
476⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
476⤵
PID:1108

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
477⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
477⤵
PID:1660

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
478⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c08f6f4822e6db8251c8aeb87674229_JaffaCakes118.exe"
478⤵
PID:2436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
479⤵
PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2540-15-0x0000000000750000-0x000000000075E000-memory.dmp

Filesize
56KB

Download
memory/2540-24-0x0000000000B60000-0x0000000000B8E000-memory.dmp

Filesize
184KB

Download
memory/2540-12-0x00000000004B0000-0x00000000004BA000-memory.dmp

Filesize
40KB

Download
memory/2540-14-0x0000000000520000-0x000000000053A000-memory.dmp

Filesize
104KB

Download
memory/2540-25-0x0000000000B40000-0x0000000000B54000-memory.dmp

Filesize
80KB

Download
memory/2540-5-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/2540-9-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/2540-7-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/2540-22-0x0000000000AE0000-0x0000000000AEA000-memory.dmp

Filesize
40KB

Download
memory/2540-18-0x0000000000870000-0x000000000088E000-memory.dmp

Filesize
120KB

Download
memory/2540-16-0x0000000000760000-0x0000000000774000-memory.dmp

Filesize
80KB

Download
memory/2540-13-0x00000000004C0000-0x00000000004D2000-memory.dmp

Filesize
72KB

Download
memory/2540-17-0x0000000000770000-0x000000000077E000-memory.dmp

Filesize
56KB

Download
memory/2932-0-0x000000007415E000-0x000000007415F000-memory.dmp

Filesize
4KB

Download
memory/2932-1-0x0000000000B30000-0x0000000000CA2000-memory.dmp

Filesize
1.4MB

Download
memory/2932-3-0x0000000074150000-0x000000007483E000-memory.dmp

Filesize
6.9MB

Download
memory/2932-23-0x0000000074150000-0x000000007483E000-memory.dmp

Filesize
6.9MB

Download
memory/2932-4-0x0000000074150000-0x000000007483E000-memory.dmp

Filesize
6.9MB

Download
memory/2932-2-0x00000000043B0000-0x0000000004438000-memory.dmp

Filesize
544KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads