nanocore | a88b51910b9ddaf017d1e1ab39eafdadc3c095aa17ce17dd239e38bdddf0235d

General

Target

58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Size

1.5MB
MD5

58a37ded7d1b1f73f58bd17008e0876f
SHA1

a3133b2843899c77f9264689f2a771d3e07f19bd
SHA256

a88b51910b9ddaf017d1e1ab39eafdadc3c095aa17ce17dd239e38bdddf0235d
SHA512

a8e1d586d4589843a00dd8fd9817054054b82030fb7f5db8a38ba1f1dafd01a70705a30b39497f928e26554b439730483d80a21f3035f68a8cc41be7fd3f2309
SSDEEP

12288:g/Aka4d2u1dgjYnYOpbWakQclTVKcXrqI63uL7UpzFxAbz4sS8h8ICxbLqMTDDBW:0AkhHoKtkP4amyezFwS8obRrq

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

meeti.ddns.net:83

meeti.duckdns.org:83

Mutex

ae4b70b9-d113-47e0-8b7b-8282a51d736e

Attributes

activate_away_mode
true
backup_connection_host
meeti.duckdns.org
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2019-07-26T23:46:56.996308236Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
83
default_group
A New Eraa
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
ae4b70b9-d113-47e0-8b7b-8282a51d736e
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
meeti.ddns.net
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
false
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

RegAsm.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WPA Manager = "C:\\Program Files (x86)\\WPA Manager\\wpamgr.exe"	RegAsm.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

RegAsm.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RegAsm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RegAsm.exe

Suspicious use of SetThreadContext 64 IoCs

Processes:

58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe

description	pid	process	target process
PID 1092 set thread context of 3536	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2036 set thread context of 2684	2036	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3420 set thread context of 636	3420	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4912 set thread context of 3508	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3760 set thread context of 4700	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4768 set thread context of 4140	4768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3572 set thread context of 4412	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4820 set thread context of 1536	4820	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1904 set thread context of 3444	1904	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3580 set thread context of 4760	3580	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 552 set thread context of 3660	552	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1464 set thread context of 4244	1464	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 524 set thread context of 4384	524	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3764 set thread context of 872	3764	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1156 set thread context of 5012	1156	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3788 set thread context of 3484	3788	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3048 set thread context of 3696	3048	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 976 set thread context of 4632	976	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 4752 set thread context of 4132	4752	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1432 set thread context of 4976	1432	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3976 set thread context of 2560	3976	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3580 set thread context of 4228	3580	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 1404 set thread context of 3632	1404	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 944 set thread context of 2340	944	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2692 set thread context of 1636	2692	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2752 set thread context of 2320	2752	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1504 set thread context of 3016	1504	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1460 set thread context of 3508	1460	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4344 set thread context of 2456	4344	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2452 set thread context of 4424	2452	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4392 set thread context of 2076	4392	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3260 set thread context of 4676	3260	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1884 set thread context of 428	1884	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2684 set thread context of 2732	2684	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2856 set thread context of 4172	2856	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4700 set thread context of 2324	4700	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 528 set thread context of 3812	528	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4868 set thread context of 212	4868	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3904 set thread context of 3764	3904	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4632 set thread context of 4544	4632	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 4020 set thread context of 1816	4020	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 680 set thread context of 1904	680	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4140 set thread context of 2976	4140	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 4228 set thread context of 4988	4228	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4772 set thread context of 2336	4772	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 2004 set thread context of 5012	2004	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4636 set thread context of 4500	4636	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 2660 set thread context of 3760	2660	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2728 set thread context of 4900	2728	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3388 set thread context of 4300	3388	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 768 set thread context of 1744	768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3608 set thread context of 4772	3608	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 4728 set thread context of 3904	4728	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2816 set thread context of 2452	2816	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4860 set thread context of 1504	4860	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4700 set thread context of 4884	4700	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 5116 set thread context of 3484	5116	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4364 set thread context of 1020	4364	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3876 set thread context of 4400	3876	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3580 set thread context of 2692	3580	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4240 set thread context of 1304	4240	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4860 set thread context of 3284	4860	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 392 set thread context of 652	392	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 552 set thread context of 1264	552	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe

Drops file in Program Files directory 2 IoCs

Processes:

RegAsm.exe

description	ioc	process
File created	C:\Program Files (x86)\WPA Manager\wpamgr.exe	RegAsm.exe
File opened for modification	C:\Program Files (x86)\WPA Manager\wpamgr.exe	RegAsm.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe

pid	process
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

RegAsm.exe

pid process

3536 RegAsm.exe

pid	process
3536	RegAsm.exe

Suspicious behavior: MapViewOfSection 64 IoCs

Processes:

58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe

pid	process
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
2036	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3420	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4820	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4820	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4820	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1904	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1904	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3580	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
552	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1464	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
524	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
524	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3764	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1156	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3788	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3048	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
976	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4752	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1432	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1432	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3976	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3580	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1404	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
944	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
944	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
2692	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
2692	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
2752	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1504	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1460	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4344	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
2452	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4392	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3260	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
1884	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
2684	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
2856	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4700	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
528	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
528	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4868	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
3904	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4632	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4020	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4020	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4020	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4020	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
680	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
680	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4140	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4228	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4772	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
2004	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
4636	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exeRegAsm.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3536	RegAsm.exe
Token: SeDebugPrivilege	2036	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3420	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4820	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	1904	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3580	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	552	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	1464	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	524	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3764	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	1156	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3788	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3048	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	976	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4752	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	1432	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3976	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3580	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	1404	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	944	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	2692	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	2752	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	1504	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	1460	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4344	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	2452	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4392	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3260	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	1884	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	2684	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	2856	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4700	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	528	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4868	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3904	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4632	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4020	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	680	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4140	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4228	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4772	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	2004	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4636	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	2660	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	2728	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3388	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3608	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4728	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	2816	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4860	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4700	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	5116	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4364	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3876	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	3580	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4240	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	4860	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
Token: SeDebugPrivilege	392	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe

description	pid	process	target process
PID 1092 wrote to memory of 1128	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1092 wrote to memory of 1128	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1092 wrote to memory of 1128	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1092 wrote to memory of 3536	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1092 wrote to memory of 3536	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1092 wrote to memory of 3536	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1092 wrote to memory of 3536	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 1092 wrote to memory of 2036	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 1092 wrote to memory of 2036	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 1092 wrote to memory of 2036	1092	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 2036 wrote to memory of 2684	2036	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2036 wrote to memory of 2684	2036	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2036 wrote to memory of 2684	2036	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2036 wrote to memory of 2684	2036	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 2036 wrote to memory of 3420	2036	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 2036 wrote to memory of 3420	2036	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 2036 wrote to memory of 3420	2036	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3420 wrote to memory of 636	3420	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3420 wrote to memory of 636	3420	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3420 wrote to memory of 636	3420	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3420 wrote to memory of 636	3420	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3420 wrote to memory of 4912	3420	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3420 wrote to memory of 4912	3420	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3420 wrote to memory of 4912	3420	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 4912 wrote to memory of 4764	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4912 wrote to memory of 4764	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4912 wrote to memory of 4764	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4912 wrote to memory of 3508	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4912 wrote to memory of 3508	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4912 wrote to memory of 3508	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4912 wrote to memory of 3508	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4912 wrote to memory of 3760	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 4912 wrote to memory of 3760	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 4912 wrote to memory of 3760	4912	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3760 wrote to memory of 3484	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3760 wrote to memory of 3484	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3760 wrote to memory of 3484	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3760 wrote to memory of 4700	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3760 wrote to memory of 4700	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3760 wrote to memory of 4700	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3760 wrote to memory of 4700	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3760 wrote to memory of 4768	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3760 wrote to memory of 4768	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3760 wrote to memory of 4768	3760	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 4768 wrote to memory of 4140	4768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4768 wrote to memory of 4140	4768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4768 wrote to memory of 4140	4768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4768 wrote to memory of 4140	4768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 4768 wrote to memory of 3572	4768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 4768 wrote to memory of 3572	4768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 4768 wrote to memory of 3572	4768	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3572 wrote to memory of 3892	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3572 wrote to memory of 3892	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3572 wrote to memory of 3892	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3572 wrote to memory of 508	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3572 wrote to memory of 508	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3572 wrote to memory of 508	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3572 wrote to memory of 4412	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3572 wrote to memory of 4412	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3572 wrote to memory of 4412	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3572 wrote to memory of 4412	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	RegAsm.exe
PID 3572 wrote to memory of 4820	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3572 wrote to memory of 4820	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
PID 3572 wrote to memory of 4820	3572	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe	58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1092

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:1128

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3536

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2036

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
3⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
3⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3420

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
4⤵
PID:636

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
4⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
5⤵
PID:4764

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
5⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
5⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3760

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
6⤵
PID:3484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
6⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
6⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
7⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
7⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
8⤵
PID:3892

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
8⤵
PID:508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
8⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
8⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
9⤵
PID:1604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
9⤵
PID:1708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
9⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
9⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
10⤵
PID:4976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
10⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
10⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3580

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
11⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
11⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
12⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
12⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
13⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
13⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
14⤵
PID:4648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
14⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
14⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3764

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
15⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
15⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1156

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
16⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
16⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
17⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
17⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3048

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
18⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
18⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
19⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
19⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4752

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
20⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
20⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
21⤵
PID:5076

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
21⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
21⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
22⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
22⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3580

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
23⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
23⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1404

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
24⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
24⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:944

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
25⤵
PID:2212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
25⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
25⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
26⤵
PID:3788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
26⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
26⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2752

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
27⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
27⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1504

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
28⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
28⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1460

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
29⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
29⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
30⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
30⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2452

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
31⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
31⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
32⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
32⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3260

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
33⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
33⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1884

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
34⤵
PID:428

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
34⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
35⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
35⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2856

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
36⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
36⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4700

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
37⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
37⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:528

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
38⤵
PID:848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
38⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
38⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
39⤵
PID:212

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
39⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
40⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
40⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
41⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
41⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
42⤵
PID:4668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
42⤵
PID:652

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
42⤵
PID:4440

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
42⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
42⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:680

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
43⤵
PID:1464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
43⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
43⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
44⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
44⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4228

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
45⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
45⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
46⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
46⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2004

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
47⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
47⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
48⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
48⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2660

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
49⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
49⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2728

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
50⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
50⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
51⤵
PID:956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
51⤵
PID:1516

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
51⤵
PID:4380

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
51⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
51⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
52⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
52⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
53⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
53⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4728

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
54⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
54⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
55⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
55⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4860

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
56⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
56⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4700

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
57⤵
PID:624

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
57⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
57⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:5116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
58⤵
PID:2916

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
58⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
58⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4364

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
59⤵
PID:4968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
59⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
59⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
60⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
60⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3580

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
61⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
61⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
62⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
62⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4860

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
63⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
63⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
64⤵
PID:652

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
64⤵
- Suspicious use of SetThreadContext
PID:552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
65⤵
PID:5116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
65⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
65⤵
- Checks computer location settings
PID:3696

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
66⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
66⤵
PID:4776

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
67⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
67⤵
- Checks computer location settings
PID:212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
68⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
68⤵
- Checks computer location settings
PID:2788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
69⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
69⤵
PID:3092

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
70⤵
PID:2344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
70⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
70⤵
PID:736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
71⤵
PID:3732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
71⤵
PID:4968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
71⤵
PID:2976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
71⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
71⤵
PID:1424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
72⤵
PID:5088

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
72⤵
PID:2648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
72⤵
PID:3364

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
72⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
72⤵
PID:316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
73⤵
PID:712

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
73⤵
PID:1600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
74⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
74⤵
PID:4088

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
75⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
75⤵
PID:4960

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
76⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
76⤵
PID:588

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
77⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
77⤵
- Checks computer location settings
PID:2472

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
78⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
78⤵
- Checks computer location settings
PID:4412

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
79⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
79⤵
PID:3116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
80⤵
PID:396

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
80⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
80⤵
- Checks computer location settings
PID:3040

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
81⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
81⤵
- Checks computer location settings
PID:4968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
82⤵
PID:1972

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
82⤵
PID:4860

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
82⤵
PID:1744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
82⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
82⤵
PID:1020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
83⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
83⤵
- Checks computer location settings
PID:2076

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
84⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
84⤵
PID:4244

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
85⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
85⤵
PID:2500

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
86⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
86⤵
PID:4544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
87⤵
PID:1504

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
87⤵
PID:4768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
87⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
87⤵
PID:1972

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
88⤵
PID:4832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
88⤵
PID:3484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
88⤵
PID:3040

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
88⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
88⤵
PID:2324

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
89⤵
PID:5024

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
89⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
89⤵
PID:4404

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
90⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
90⤵
PID:1084

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
91⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
91⤵
- Checks computer location settings
PID:2336

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
92⤵
PID:1392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
92⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
92⤵
PID:4412

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
93⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
93⤵
- Checks computer location settings
PID:528

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
94⤵
PID:4912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
94⤵
PID:3288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
94⤵
PID:748

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
94⤵
PID:2976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
95⤵
PID:4624

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
95⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
95⤵
- Checks computer location settings
PID:2792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
96⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
96⤵
PID:2148

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
97⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
97⤵
PID:2472

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
98⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
98⤵
PID:4020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
99⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
99⤵
PID:4936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
100⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
100⤵
PID:3288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
101⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
101⤵
PID:4452

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
102⤵
PID:4092

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
102⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
102⤵
PID:1660

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
103⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
103⤵
PID:896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
104⤵
PID:4732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
104⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
104⤵
PID:1644

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
105⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
105⤵
PID:4300

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
106⤵
PID:3436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
106⤵
PID:460

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
106⤵
- Checks computer location settings
PID:4192

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
107⤵
PID:444

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
107⤵
- Checks computer location settings
PID:1988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
108⤵
PID:4728

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
108⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
108⤵
- Checks computer location settings
PID:3284

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
109⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
109⤵
- Checks computer location settings
PID:4144

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
110⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
110⤵
PID:3392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
111⤵
PID:3344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
111⤵
PID:2824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
111⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
111⤵
- Checks computer location settings
PID:4880

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
112⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
112⤵
- Checks computer location settings
PID:2940

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
113⤵
PID:2076

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
113⤵
PID:212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
113⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
113⤵
- Checks computer location settings
PID:4992

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
114⤵
PID:2344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
114⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
114⤵
- Checks computer location settings
PID:4500

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
115⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
115⤵
- Checks computer location settings
PID:3312

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
116⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
116⤵
- Checks computer location settings
PID:4048

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
117⤵
PID:1816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
117⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
117⤵
PID:1564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
118⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
118⤵
PID:4772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
119⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
119⤵
- Checks computer location settings
PID:1608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
120⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
120⤵
- Checks computer location settings
PID:4892

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
121⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
121⤵
PID:3760

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
122⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
122⤵
PID:4392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
123⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
123⤵
PID:3040

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
124⤵
PID:8

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
124⤵
PID:4696

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
125⤵
PID:4584

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
125⤵
PID:988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
125⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
125⤵
- Checks computer location settings
PID:3240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
126⤵
PID:1172

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
126⤵
PID:3308

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
127⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
127⤵
- Checks computer location settings
PID:2336

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
128⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
128⤵
- Checks computer location settings
PID:400

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
129⤵
PID:4676

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
129⤵
PID:3596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
129⤵
PID:3260

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
129⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
129⤵
PID:2456

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
130⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
130⤵
- Checks computer location settings
PID:4080

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
131⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
131⤵
- Checks computer location settings
PID:1008

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
132⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
132⤵
- Checks computer location settings
PID:3744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
133⤵
PID:4452

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
133⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
133⤵
- Checks computer location settings
PID:5056

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
134⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
134⤵
PID:1816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
135⤵
PID:4560

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
135⤵
PID:1388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
135⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
135⤵
PID:4816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
136⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
136⤵
PID:768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
137⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
137⤵
- Checks computer location settings
PID:3260

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
138⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
138⤵
- Checks computer location settings
PID:2684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
139⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
139⤵
- Checks computer location settings
PID:212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
140⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
140⤵
PID:956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
141⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
141⤵
- Checks computer location settings
PID:2452

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
142⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
142⤵
PID:3212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
143⤵
PID:3772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
143⤵
PID:4012

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
143⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
143⤵
- Checks computer location settings
PID:5060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
144⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
144⤵
PID:3732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
145⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
145⤵
PID:4504

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
146⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
146⤵
PID:856

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
147⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
147⤵
- Checks computer location settings
PID:1896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
148⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
148⤵
PID:4912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
149⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
149⤵
PID:4936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
150⤵
PID:3904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
150⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
150⤵
PID:4552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
151⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
151⤵
PID:3408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
152⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
152⤵
PID:1732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
153⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
153⤵
PID:3588

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
154⤵
PID:5060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
154⤵
PID:1720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
154⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
154⤵
- Checks computer location settings
PID:2380

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
155⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
155⤵
- Checks computer location settings
PID:3876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
156⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
156⤵
PID:1464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
157⤵
PID:1032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
157⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
157⤵
- Checks computer location settings
PID:1264

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
158⤵
PID:3484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
158⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
158⤵
PID:2920

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
159⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
159⤵
PID:1744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
160⤵
PID:2560

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
160⤵
PID:3668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
160⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
160⤵
PID:4868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
161⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
161⤵
PID:3288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
162⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
162⤵
- Checks computer location settings
PID:5040

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
163⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
163⤵
PID:1944

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
164⤵
PID:768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
164⤵
PID:460

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
164⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
164⤵
PID:4776

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
165⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
165⤵
- Checks computer location settings
PID:1600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
166⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
166⤵
PID:5116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
167⤵
PID:3976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
167⤵
PID:1424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
167⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
167⤵
PID:2340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
168⤵
PID:1212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
168⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
168⤵
PID:1744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
169⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
169⤵
PID:4868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
170⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
170⤵
- Checks computer location settings
PID:3288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
171⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
171⤵
PID:2732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
172⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
172⤵
PID:3340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
173⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
173⤵
PID:5076

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
174⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
174⤵
PID:2948

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
175⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
175⤵
PID:3648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
176⤵
PID:1052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
176⤵
PID:4424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
176⤵
PID:1212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
176⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
176⤵
PID:2080

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
177⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
177⤵
- Checks computer location settings
PID:736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
178⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
178⤵
PID:2148

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
179⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
179⤵
PID:3696

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
180⤵
PID:116

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
180⤵
PID:528

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
181⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
181⤵
PID:2312

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
182⤵
PID:816

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
182⤵
PID:4988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
183⤵
PID:3240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
183⤵
PID:748

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
183⤵
PID:4572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
184⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
184⤵
PID:4140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
185⤵
PID:316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
185⤵
PID:2780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
185⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
185⤵
PID:2320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
186⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
186⤵
PID:5116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
187⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
187⤵
PID:3392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
188⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
188⤵
PID:1224

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
189⤵
PID:3116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
189⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
189⤵
- Checks computer location settings
PID:2148

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
190⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
190⤵
PID:856

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
191⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
191⤵
- Checks computer location settings
PID:4020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
192⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
192⤵
PID:332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
193⤵
PID:4400

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
193⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
193⤵
PID:3340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
194⤵
PID:2496

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
194⤵
PID:3904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
194⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
194⤵
PID:5076

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
195⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
195⤵
PID:1424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
196⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
196⤵
PID:1208

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
197⤵
PID:1800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
197⤵
PID:4776

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
197⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
197⤵
PID:2012

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
198⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
198⤵
PID:4088

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
199⤵
PID:3972

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
199⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
199⤵
PID:3488

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
200⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
200⤵
PID:1972

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
201⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
201⤵
PID:1516

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
202⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
202⤵
PID:4400

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
203⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
203⤵
PID:4228

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
204⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
204⤵
PID:392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
205⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
205⤵
PID:928

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
206⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
206⤵
PID:404

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
207⤵
PID:2848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
207⤵
PID:2692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
207⤵
PID:1104

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
207⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
207⤵
PID:2320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
208⤵
PID:1208

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
208⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
208⤵
PID:1404

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
209⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
209⤵
PID:2236

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
210⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
210⤵
PID:2560

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
211⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
211⤵
PID:1008

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
212⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
212⤵
PID:4988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
213⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
213⤵
PID:2072

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
214⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
214⤵
PID:988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
215⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
215⤵
PID:3428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
216⤵
PID:4848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
216⤵
PID:732

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
216⤵
PID:816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
217⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
217⤵
PID:3016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
218⤵
PID:748

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
218⤵
PID:2320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
219⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
219⤵
PID:1716

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
220⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
220⤵
PID:1212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
221⤵
PID:4700

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
221⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
221⤵
PID:3388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
222⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
222⤵
PID:4636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
223⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
223⤵
PID:4400

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
224⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
224⤵
PID:4232

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
225⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
225⤵
PID:988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
226⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
226⤵
PID:3816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
227⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
227⤵
PID:4544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
228⤵
PID:4968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
228⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
228⤵
PID:316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
229⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
229⤵
PID:1740

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
230⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
230⤵
PID:4584

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
231⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
231⤵
PID:216

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
232⤵
PID:400

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
232⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
232⤵
PID:3332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
233⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
233⤵
PID:4248

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
234⤵
PID:552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
234⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
234⤵
PID:524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
235⤵
PID:708

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
235⤵
PID:2472

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
236⤵
PID:1884

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
236⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
236⤵
PID:4624

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
237⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
237⤵
PID:2720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
238⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
238⤵
PID:856

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
239⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
239⤵
PID:3976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
240⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
240⤵
PID:1460

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
241⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
241⤵
PID:4696

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
242⤵
PID:2684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
242⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
242⤵
PID:1596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
243⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
243⤵
PID:2752

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
244⤵
PID:4528

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
244⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
244⤵
PID:4972

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
245⤵
PID:3428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
245⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
245⤵
PID:868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
246⤵
PID:1884

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
246⤵
PID:2004

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
246⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
246⤵
PID:1732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
247⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
247⤵
PID:3816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
248⤵
PID:3772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
248⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
248⤵
PID:1932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
249⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
249⤵
PID:2324

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
250⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
250⤵
PID:4364

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
251⤵
PID:3976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
251⤵
PID:4420

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
251⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
251⤵
PID:3900

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
252⤵
PID:4396

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
252⤵
PID:3568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
252⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
252⤵
PID:4344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
253⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
253⤵
PID:4880

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
254⤵
PID:3288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
254⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
254⤵
PID:940

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
255⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
255⤵
PID:2076

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
256⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
256⤵
PID:5052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
257⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
257⤵
PID:5092

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
258⤵
PID:1604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
258⤵
PID:1600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
258⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
258⤵
PID:4184

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
259⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
259⤵
PID:708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
260⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
260⤵
PID:4760

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
261⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
261⤵
PID:4364

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
262⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
262⤵
PID:4628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
263⤵
PID:3484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
263⤵
PID:3896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
263⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
263⤵
PID:2040

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
264⤵
PID:2856

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
264⤵
PID:4464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
264⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
264⤵
PID:3184

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
265⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
265⤵
PID:4572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
266⤵
PID:4504

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
266⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
266⤵
PID:872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
267⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
267⤵
PID:444

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
268⤵
PID:8

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
268⤵
PID:1924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
269⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
269⤵
PID:792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
270⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
270⤵
PID:4564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
271⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
271⤵
PID:4172

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
272⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
272⤵
PID:2240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
273⤵
PID:3896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
273⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
273⤵
PID:4700

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
274⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
274⤵
PID:4628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
275⤵
PID:1944

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
275⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
275⤵
PID:2380

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
276⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
276⤵
PID:5044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
277⤵
PID:748

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
277⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
277⤵
PID:4860

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
278⤵
PID:4188

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
278⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
278⤵
PID:2816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
279⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
279⤵
PID:3760

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
280⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
280⤵
PID:732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
281⤵
PID:2672

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
281⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
281⤵
PID:2452

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
282⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
282⤵
PID:3772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
283⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
283⤵
PID:896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
284⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
284⤵
PID:2720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
285⤵
PID:544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
285⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
285⤵
PID:2004

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
286⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
286⤵
PID:1800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
287⤵
PID:4264

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
287⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
287⤵
PID:4628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
288⤵
PID:636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
288⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
288⤵
PID:524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
289⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
289⤵
PID:1172

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
290⤵
PID:4384

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
290⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
290⤵
PID:3596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
291⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
291⤵
PID:2364

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
292⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
292⤵
PID:4544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
293⤵
PID:732

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
293⤵
PID:3392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
294⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
294⤵
PID:2328

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
295⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
295⤵
PID:2916

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
296⤵
PID:816

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
296⤵
PID:3408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
297⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
297⤵
PID:2240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
298⤵
PID:4696

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
298⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
298⤵
PID:4648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
299⤵
PID:4700

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
299⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
299⤵
PID:3804

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
300⤵
PID:1212

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
300⤵
PID:2380

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
301⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
301⤵
PID:5044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
302⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
302⤵
PID:2684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
303⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
303⤵
PID:1516

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
304⤵
PID:4316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
304⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
304⤵
PID:1636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
305⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
305⤵
PID:1660

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
306⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
306⤵
PID:2792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
307⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
307⤵
PID:1956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
308⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
308⤵
PID:3048

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
309⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
309⤵
PID:1900

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
310⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
310⤵
PID:3128

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
311⤵
PID:4344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
311⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
311⤵
PID:1224

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
312⤵
PID:4240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
312⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
312⤵
PID:1464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
313⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
313⤵
PID:4536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
314⤵
PID:3616

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
314⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
314⤵
PID:2640

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
315⤵
PID:2496

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
315⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
315⤵
PID:988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
316⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
316⤵
PID:4708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
317⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
317⤵
PID:4408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
318⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
318⤵
PID:4564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
319⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
319⤵
PID:4936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
320⤵
PID:3288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
320⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
320⤵
PID:736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
321⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
321⤵
PID:4344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
322⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
322⤵
PID:2832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
323⤵
PID:3500

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
323⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
323⤵
PID:1388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
324⤵
PID:892

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
324⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
324⤵
PID:1496

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
325⤵
PID:3312

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
325⤵
PID:748

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
325⤵
PID:3240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
326⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
326⤵
PID:4916

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
327⤵
PID:1636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
327⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
327⤵
PID:2788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
328⤵
PID:1424

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
328⤵
PID:1340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
329⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
329⤵
PID:848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
330⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
330⤵
PID:4424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
331⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
331⤵
PID:3440

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
332⤵
PID:4768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
332⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
332⤵
PID:4440

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
333⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
333⤵
PID:1172

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
334⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
334⤵
PID:2636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
335⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
335⤵
PID:1788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
336⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
336⤵
PID:872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
337⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
337⤵
PID:4388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
338⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
338⤵
PID:1712

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
339⤵
PID:3744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
339⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
339⤵
PID:624

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
340⤵
PID:4140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
340⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
340⤵
PID:4772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
341⤵
PID:4596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
341⤵
PID:640

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
341⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
341⤵
PID:2376

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
342⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
342⤵
PID:508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
343⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
343⤵
PID:3368

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
344⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
344⤵
PID:536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
345⤵
PID:2848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
345⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
345⤵
PID:4700

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
346⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
346⤵
PID:4944

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
347⤵
PID:3616

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
347⤵
PID:1388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
347⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
347⤵
PID:3344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
348⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
348⤵
PID:4436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
349⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
349⤵
PID:4500

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
350⤵
PID:848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
350⤵
PID:2508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
350⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
350⤵
PID:2484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
351⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
351⤵
PID:1596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
352⤵
PID:2148

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
352⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
352⤵
PID:1708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
353⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
353⤵
PID:828

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
354⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
354⤵
PID:3588

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
355⤵
PID:3276

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
355⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
355⤵
PID:4832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
356⤵
PID:2280

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
356⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
356⤵
PID:880

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
357⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
357⤵
PID:4912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
358⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
358⤵
PID:2172

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
359⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
359⤵
PID:748

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
360⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
360⤵
PID:4520

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
361⤵
PID:2336

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
361⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
361⤵
PID:1932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
362⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
362⤵
PID:4188

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
363⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
363⤵
PID:1064

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
364⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
364⤵
PID:756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
365⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
365⤵
PID:2556

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
366⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
366⤵
PID:4408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
367⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
367⤵
PID:444

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
368⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
368⤵
PID:768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
369⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
369⤵
PID:4004

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
370⤵
PID:1120

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
370⤵
PID:748

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
371⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
371⤵
PID:3816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
372⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
372⤵
PID:2816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
373⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
373⤵
PID:4188

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
374⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
374⤵
PID:1064

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
375⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
375⤵
PID:3984

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
376⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
376⤵
PID:2916

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
377⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
377⤵
PID:3000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
378⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
378⤵
PID:856

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
379⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
379⤵
PID:2568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
380⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
380⤵
PID:736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
381⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
381⤵
PID:4896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
382⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
382⤵
PID:3892

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
383⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
383⤵
PID:4292

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
384⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
384⤵
PID:5116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
385⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
385⤵
PID:1104

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
386⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
386⤵
PID:2808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
387⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
387⤵
PID:1672

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
388⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
388⤵
PID:3036

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
389⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
389⤵
PID:4856

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
390⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
390⤵
PID:4560

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
391⤵
PID:3284

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
391⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
391⤵
PID:4256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
392⤵
PID:3552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
392⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
392⤵
PID:2548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
393⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
393⤵
PID:3464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
394⤵
PID:3016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
394⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
394⤵
PID:1496

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
395⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
395⤵
PID:2308

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
396⤵
PID:400

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
396⤵
PID:2948

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
397⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
397⤵
PID:3308

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
398⤵
PID:4760

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
398⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
398⤵
PID:2616

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
399⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
399⤵
PID:3368

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
400⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
400⤵
PID:536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
401⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
401⤵
PID:444

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
402⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
402⤵
PID:2544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
403⤵
PID:848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
403⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
403⤵
PID:4912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
404⤵
PID:4232

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
404⤵
PID:3812

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
404⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
404⤵
PID:4088

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
405⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
405⤵
PID:5024

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
406⤵
PID:212

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
406⤵
PID:2080

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
407⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
407⤵
PID:2456

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
408⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
408⤵
PID:4344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
409⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
409⤵
PID:4252

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
410⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
410⤵
PID:3016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
411⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
411⤵
PID:1536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
412⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
412⤵
PID:4060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
413⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
413⤵
PID:588

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
414⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
414⤵
PID:1604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
415⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
415⤵
PID:756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
416⤵
PID:1172

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
416⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
416⤵
PID:712

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
417⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
417⤵
PID:1800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
418⤵
PID:3744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
418⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\58a37ded7d1b1f73f58bd17008e0876f_JaffaCakes118.exe"
418⤵
PID:2280

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:1884

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:4400

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:3212

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:460

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
Filesize
1KB

MD5
84e77a587d94307c0ac1357eb4d3d46f

SHA1
83cc900f9401f43d181207d64c5adba7a85edc1e

SHA256
e16024b092a026a9dc00df69d4b9bbcab7b2dc178dc5291fc308a1abc9304a99

SHA512
aefb5c62200b3ed97718d20a89990954d4d8acdc0a6a73c5a420f1bba619cb79e70c2cd0a579b9f52dc6b09e1de2cea6cd6cac4376cfee92d94e2c01d310f691

Download Submit
memory/1092-0-0x000000007480E000-0x000000007480F000-memory.dmp

Filesize
4KB

Download
memory/1092-1-0x00000000002A0000-0x0000000000422000-memory.dmp

Filesize
1.5MB

Download
memory/1092-2-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/1092-3-0x0000000004E50000-0x0000000004ED8000-memory.dmp

Filesize
544KB

Download
memory/1092-26-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/1092-5-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/2036-24-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/2036-21-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/2036-28-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/3536-19-0x0000000006000000-0x000000000601E000-memory.dmp

Filesize
120KB

Download
memory/3536-23-0x00000000061B0000-0x00000000061C4000-memory.dmp

Filesize
80KB

Download
memory/3536-15-0x0000000005EA0000-0x0000000005EBA000-memory.dmp

Filesize
104KB

Download
memory/3536-14-0x0000000005E90000-0x0000000005EA2000-memory.dmp

Filesize
72KB

Download
memory/3536-17-0x0000000005FD0000-0x0000000005FE4000-memory.dmp

Filesize
80KB

Download
memory/3536-16-0x0000000005FC0000-0x0000000005FCE000-memory.dmp

Filesize
56KB

Download
memory/3536-8-0x00000000050B0000-0x000000000514C000-memory.dmp

Filesize
624KB

Download
memory/3536-20-0x0000000006030000-0x000000000603A000-memory.dmp

Filesize
40KB

Download
memory/3536-7-0x0000000005010000-0x00000000050A2000-memory.dmp

Filesize
584KB

Download
memory/3536-13-0x00000000054C0000-0x00000000054CA000-memory.dmp

Filesize
40KB

Download
memory/3536-22-0x0000000006180000-0x00000000061AE000-memory.dmp

Filesize
184KB

Download
memory/3536-18-0x0000000005FE0000-0x0000000005FEE000-memory.dmp

Filesize
56KB

Download
memory/3536-10-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/3536-6-0x00000000054E0000-0x0000000005A84000-memory.dmp

Filesize
5.6MB

Download
memory/3536-9-0x0000000004FF0000-0x0000000004FFA000-memory.dmp

Filesize
40KB

Download
memory/3536-4-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/3536-100-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads