nanocore | 3798eda97eb1c96e59e379d952389a01dd6e753563c367f4cad3673b0703b0b5

Analysis

max time kernel
69s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Size

1.5MB
MD5

5d6504033e0108dd331c3514c9b92772
SHA1

94f3653d419813a95af7174937181321dbfa25f4
SHA256

3798eda97eb1c96e59e379d952389a01dd6e753563c367f4cad3673b0703b0b5
SHA512

3d8ebfd92055007eeb865b64482656d29ceda7d9cdfc0495c62bc0b3f481697dbf37873a11187838d6ff78c2fe4600cd0dbbbd3e110d8899875cdcecc53a2156
SSDEEP

24576:uQ1Rl5jC806M2DYTcSX1ZajRg//3uno46+DThVrMAY0wLQqd/tUTjFYaCtjZZwaG:u85jChzcJ1LGDWHahjfS

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

meeti.ddns.net:83

meeti.duckdns.org:83

Mutex

ae4b70b9-d113-47e0-8b7b-8282a51d736e

Attributes

activate_away_mode
true
backup_connection_host
meeti.duckdns.org
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2019-07-26T23:46:56.996308236Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
83
default_group
A New Eraa
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
ae4b70b9-d113-47e0-8b7b-8282a51d736e
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
meeti.ddns.net
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
false
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DHCP Service = "C:\\Program Files (x86)\\DHCP Service\\dhcpsv.exe"	RegAsm.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RegAsm.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 4960 set thread context of 4528	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	82
PID 1584 set thread context of 3692	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	86
PID 5012 set thread context of 2540	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	90
PID 2680 set thread context of 1404	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	92
PID 3216 set thread context of 4948	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	94
PID 3252 set thread context of 4384	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	96
PID 224 set thread context of 2696	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	98
PID 708 set thread context of 4936	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	100
PID 3200 set thread context of 1496	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	102
PID 2304 set thread context of 4900	2304	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	104
PID 3928 set thread context of 1256	3928	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	106
PID 4564 set thread context of 4072	4564	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	169
PID 2844 set thread context of 1840	2844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	110
PID 4128 set thread context of 4812	4128	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	173
PID 2556 set thread context of 3256	2556	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	117
PID 632 set thread context of 1640	632	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	194
PID 3844 set thread context of 4904	3844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	123
PID 4468 set thread context of 3616	4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	127
PID 3348 set thread context of 392	3348	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	129
PID 3204 set thread context of 4716	3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	131
PID 3416 set thread context of 2840	3416	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	133
PID 1428 set thread context of 2312	1428	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	232
PID 2552 set thread context of 3496	2552	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	138
PID 4156 set thread context of 3024	4156	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	199
PID 3196 set thread context of 940	3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	148
PID 4468 set thread context of 4476	4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	152
PID 4256 set thread context of 3864	4256	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	154
PID 3592 set thread context of 4044	3592	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	229
PID 5116 set thread context of 4564	5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	159
PID 4572 set thread context of 3584	4572	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	217
PID 3780 set thread context of 768	3780	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	164
PID 4692 set thread context of 2276	4692	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	166
PID 4252 set thread context of 4072	4252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	169
PID 2668 set thread context of 4468	2668	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	275
PID 3204 set thread context of 4812	3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	173
PID 2956 set thread context of 3688	2956	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	175
PID 5116 set thread context of 2036	5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	180
PID 3964 set thread context of 4004	3964	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	183
PID 3252 set thread context of 2332	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	186
PID 4384 set thread context of 3908	4384	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	299
PID 4080 set thread context of 3312	4080	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	191
PID 4600 set thread context of 1640	4600	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	194
PID 744 set thread context of 588	744	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	196
PID 3068 set thread context of 4076	3068	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	326
PID 3024 set thread context of 428	3024	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	317
PID 1240 set thread context of 4884	1240	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	205
PID 2668 set thread context of 2952	2668	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	315
PID 3060 set thread context of 1500	3060	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	210
PID 4332 set thread context of 216	4332	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	214
PID 1428 set thread context of 2540	1428	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	311
PID 3584 set thread context of 2860	3584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	218
PID 1184 set thread context of 3068	1184	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	363
PID 4912 set thread context of 2552	4912	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	271
PID 1392 set thread context of 4412	1392	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	224
PID 652 set thread context of 2468	652	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	226
PID 4244 set thread context of 3432	4244	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	399
PID 4044 set thread context of 3200	4044	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	231
PID 2312 set thread context of 2128	2312	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	233
PID 4716 set thread context of 3684	4716	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	292
PID 3508 set thread context of 4444	3508	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	237
PID 4320 set thread context of 4920	4320	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	239
PID 4436 set thread context of 5044	4436	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	301
PID 1628 set thread context of 844	1628	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	244
PID 4408 set thread context of 4888	4408	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	246

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DHCP Service\dhcpsv.exe	RegAsm.exe
File opened for modification	C:\Program Files (x86)\DHCP Service\dhcpsv.exe	RegAsm.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4528	RegAsm.exe

Suspicious behavior: MapViewOfSection 64 IoCs

pid	Process
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2304	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3928	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4564	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4128	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4128	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2556	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
632	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
632	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3348	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3416	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
1428	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2552	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4156	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4156	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4256	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3592	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4572	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4572	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3780	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4692	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2668	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2956	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3964	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3964	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4384	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4080	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4080	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4600	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
744	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3068	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3024	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3024	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3024	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4528	RegAsm.exe
Token: SeDebugPrivilege	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2304	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3928	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4564	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4128	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2556	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	632	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3348	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3416	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1428	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2552	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4156	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4256	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3592	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4572	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3780	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4692	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2668	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2956	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3964	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4384	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4080	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4600	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	744	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3068	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3024	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1240	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2668	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3060	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4332	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1428	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1184	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4912	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1392	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	652	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4244	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4044	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2312	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4716	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3508	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4320	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4436	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1628	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 4528	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	82
PID 4960 wrote to memory of 4528	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	82
PID 4960 wrote to memory of 4528	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	82
PID 4960 wrote to memory of 4528	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	82
PID 4960 wrote to memory of 1584	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	85
PID 4960 wrote to memory of 1584	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	85
PID 4960 wrote to memory of 1584	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	85
PID 1584 wrote to memory of 3692	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	86
PID 1584 wrote to memory of 3692	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	86
PID 1584 wrote to memory of 3692	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	86
PID 1584 wrote to memory of 3692	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	86
PID 1584 wrote to memory of 5012	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	88
PID 1584 wrote to memory of 5012	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	88
PID 1584 wrote to memory of 5012	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	88
PID 5012 wrote to memory of 2244	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	89
PID 5012 wrote to memory of 2244	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	89
PID 5012 wrote to memory of 2244	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	89
PID 5012 wrote to memory of 2540	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	90
PID 5012 wrote to memory of 2540	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	90
PID 5012 wrote to memory of 2540	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	90
PID 5012 wrote to memory of 2540	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	90
PID 5012 wrote to memory of 2680	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	91
PID 5012 wrote to memory of 2680	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	91
PID 5012 wrote to memory of 2680	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	91
PID 2680 wrote to memory of 1404	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	92
PID 2680 wrote to memory of 1404	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	92
PID 2680 wrote to memory of 1404	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	92
PID 2680 wrote to memory of 1404	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	92
PID 2680 wrote to memory of 3216	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	93
PID 2680 wrote to memory of 3216	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	93
PID 2680 wrote to memory of 3216	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	93
PID 3216 wrote to memory of 4948	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	94
PID 3216 wrote to memory of 4948	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	94
PID 3216 wrote to memory of 4948	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	94
PID 3216 wrote to memory of 4948	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	94
PID 3216 wrote to memory of 3252	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	95
PID 3216 wrote to memory of 3252	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	95
PID 3216 wrote to memory of 3252	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	95
PID 3252 wrote to memory of 4384	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	96
PID 3252 wrote to memory of 4384	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	96
PID 3252 wrote to memory of 4384	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	96
PID 3252 wrote to memory of 4384	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	96
PID 3252 wrote to memory of 224	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	97
PID 3252 wrote to memory of 224	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	97
PID 3252 wrote to memory of 224	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	97
PID 224 wrote to memory of 2696	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	98
PID 224 wrote to memory of 2696	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	98
PID 224 wrote to memory of 2696	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	98
PID 224 wrote to memory of 2696	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	98
PID 224 wrote to memory of 708	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	99
PID 224 wrote to memory of 708	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	99
PID 224 wrote to memory of 708	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	99
PID 708 wrote to memory of 4936	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	100
PID 708 wrote to memory of 4936	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	100
PID 708 wrote to memory of 4936	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	100
PID 708 wrote to memory of 4936	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	100
PID 708 wrote to memory of 3200	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	101
PID 708 wrote to memory of 3200	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	101
PID 708 wrote to memory of 3200	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	101
PID 3200 wrote to memory of 1496	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	102
PID 3200 wrote to memory of 1496	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	102
PID 3200 wrote to memory of 1496	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	102
PID 3200 wrote to memory of 1496	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	102
PID 3200 wrote to memory of 2304	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	103

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:4528
- C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1584
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:3692
- - C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:5012
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:2244
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
      4⤵
      Checks computer location settings
      Suspicious use of SetThreadContext
      Suspicious behavior: MapViewOfSection
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2680
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        5⤵
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        5⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3216
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        6⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3252
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        7⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:224
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        8⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        9⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3200
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        10⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        10⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2304
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        11⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        11⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3928
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        12⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        12⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4564
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        13⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        13⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        14⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        14⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4128
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        15⤵
        
        PID:3264
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        15⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        15⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        16⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        16⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:632
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        17⤵
        
        PID:2196
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        17⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        17⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        18⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        18⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4468
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        19⤵
        
        PID:2132
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        19⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        19⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3348
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        20⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        20⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        21⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        21⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3416
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        22⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        22⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        23⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        23⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2552
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        24⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        24⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4156
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        25⤵
        
        PID:3772
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        25⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        25⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3196
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        26⤵
        
        PID:1528
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        26⤵
        
        PID:3844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        26⤵
        
        PID:4076
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        26⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        26⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4468
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        27⤵
        
        PID:2616
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        27⤵
        
        PID:4948
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        27⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        27⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        28⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        28⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3592
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        29⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        29⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:5116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        30⤵
        
        PID:4936
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        30⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        30⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        31⤵
        
        PID:1788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        31⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        31⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        32⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        32⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        33⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        33⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4252
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        34⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        34⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        35⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        35⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        36⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        36⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        37⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        37⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:5116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        38⤵
        
        PID:1428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        38⤵
        
        PID:2540
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        38⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        38⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        39⤵
        
        PID:3740
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        39⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        39⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3252
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        40⤵
        
        PID:4520
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        40⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        40⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4384
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        41⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        41⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4080
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        42⤵
        
        PID:3112
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        42⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        42⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        43⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        43⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:744
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        44⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        44⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        45⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        45⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3024
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        46⤵
        
        PID:896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        46⤵
        
        PID:4988
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        46⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        46⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        47⤵
        
        PID:2980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        47⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        47⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        48⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        48⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3060
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        49⤵
        
        PID:3852
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        49⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        49⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        50⤵
        
        PID:3360
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        50⤵
        
        PID:2064
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        50⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        50⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        51⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        51⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3584
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        52⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        52⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1184
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        53⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        53⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4912
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        54⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        54⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1392
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        55⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        55⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:652
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        56⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        56⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4244
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        57⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        57⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        58⤵
        
        PID:3256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        58⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        58⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        59⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        59⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4716
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        60⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        60⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3508
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        61⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        61⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4320
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        62⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        62⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4436
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        63⤵
        
        PID:4668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        63⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        63⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1628
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        64⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        64⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        
        PID:4408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        65⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        65⤵
        Checks computer location settings
        
        PID:2116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        66⤵
        
        PID:4356
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        66⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        66⤵
        
        PID:5012
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        67⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        67⤵
        
        PID:3920
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        68⤵
        
        PID:1648
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        68⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        68⤵
        Checks computer location settings
        
        PID:3720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        69⤵
        
        PID:4384
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        69⤵
        
        PID:4360
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        69⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        69⤵
        
        PID:2556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        70⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        70⤵
        Checks computer location settings
        
        PID:2692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        71⤵
        
        PID:2348
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        71⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        71⤵
        Checks computer location settings
        
        PID:4524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        72⤵
        
        PID:3764
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        72⤵
        
        PID:4476
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        72⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        72⤵
        
        PID:3692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        73⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        73⤵
        
        PID:2552
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        74⤵
        
        PID:4488
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        74⤵
        
        PID:3020
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        74⤵
        
        PID:212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        74⤵
        
        PID:4468
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        74⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        74⤵
        
        PID:1720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        75⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        75⤵
        Checks computer location settings
        
        PID:2948
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        76⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        76⤵
        
        PID:1484
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        77⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        77⤵
        
        PID:3920
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        78⤵
        
        PID:3876
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        78⤵
        
        PID:744
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        78⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        78⤵
        
        PID:1388
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        79⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        79⤵
        
        PID:3032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        80⤵
        
        PID:4708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        80⤵
        
        PID:4328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        80⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        80⤵
        
        PID:220
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        81⤵
        
        PID:3568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        81⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        81⤵
        Checks computer location settings
        
        PID:4568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        82⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        82⤵
        
        PID:4816
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        83⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        83⤵
        
        PID:4492
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        84⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        84⤵
        
        PID:1160
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        85⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        85⤵
        
        PID:3524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        86⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        86⤵
        Checks computer location settings
        
        PID:3780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        87⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        87⤵
        
        PID:3508
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        88⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        88⤵
        
        PID:4824
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        89⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        89⤵
        
        PID:4468
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        90⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        90⤵
        Checks computer location settings
        
        PID:2800
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        91⤵
        
        PID:2952
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        91⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        91⤵
        Checks computer location settings
        
        PID:428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        92⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        92⤵
        
        PID:4320
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        93⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        93⤵
        
        PID:2904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        94⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        94⤵
        Checks computer location settings
        
        PID:4808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        95⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        95⤵
        Checks computer location settings
        
        PID:1528
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        96⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        96⤵
        
        PID:3268
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        97⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        97⤵
        Checks computer location settings
        
        PID:4340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        98⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        98⤵
        Checks computer location settings
        
        PID:2324
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        99⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        99⤵
        
        PID:3556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        100⤵
        
        PID:1632
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        100⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        100⤵
        
        PID:4236
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        101⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        101⤵
        Checks computer location settings
        
        PID:5068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        102⤵
        
        PID:2328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        102⤵
        
        PID:2980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        102⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        102⤵
        Checks computer location settings
        
        PID:4996
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        103⤵
        
        PID:840
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        103⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        103⤵
        
        PID:1648
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        104⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        104⤵
        
        PID:5056
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        105⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        105⤵
        
        PID:3720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        106⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        106⤵
        
        PID:1168
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        107⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        107⤵
        
        PID:2160
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        108⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        108⤵
        
        PID:4600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        109⤵
        
        PID:2572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        109⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        109⤵
        Checks computer location settings
        
        PID:3796
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        110⤵
        
        PID:2996
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        110⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        110⤵
        Checks computer location settings
        
        PID:4816
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        111⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        111⤵
        
        PID:4236
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        112⤵
        
        PID:2176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        112⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        112⤵
        
        PID:4716
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        113⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        113⤵
        
        PID:4992
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        114⤵
        
        PID:752
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        114⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        114⤵
        Checks computer location settings
        
        PID:412
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        115⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        115⤵
        
        PID:3960
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        116⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        116⤵
        Checks computer location settings
        
        PID:4028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        117⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        117⤵
        
        PID:3052
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        118⤵
        
        PID:2168
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        118⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        118⤵
        Checks computer location settings
        
        PID:1788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        119⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        119⤵
        
        PID:3332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        120⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        120⤵
        Checks computer location settings
        
        PID:3556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        121⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        121⤵
        Checks computer location settings
        
        PID:3740
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        122⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        122⤵
        
        PID:4912
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        123⤵
        
        PID:3188
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        123⤵
        
        PID:4404
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        123⤵
        
        PID:2276
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        123⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        123⤵
        Checks computer location settings
        
        PID:4156
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        124⤵
        
        PID:4376
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        124⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        124⤵
        
        PID:2788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        125⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        125⤵
        
        PID:3432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        126⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        126⤵
        
        PID:3360
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        127⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        127⤵
        Checks computer location settings
        
        PID:1496
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        128⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        128⤵
        
        PID:2572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        129⤵
        
        PID:5108
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        129⤵
        
        PID:5092
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        129⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        129⤵
        Checks computer location settings
        
        PID:2996
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        130⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        130⤵
        Checks computer location settings
        
        PID:3252
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        131⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        131⤵
        
        PID:1616
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        132⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        132⤵
        
        PID:4408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        133⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        133⤵
        
        PID:4724
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        134⤵
        
        PID:3464
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        134⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        134⤵
        Checks computer location settings
        
        PID:3592
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        135⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        135⤵
        Checks computer location settings
        
        PID:1704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        136⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        136⤵
        Checks computer location settings
        
        PID:3416
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        137⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        137⤵
        
        PID:2288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        138⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        138⤵
        Checks computer location settings
        
        PID:4288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        139⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        139⤵
        
        PID:2332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        140⤵
        
        PID:2144
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        140⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        140⤵
        Checks computer location settings
        
        PID:464
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        141⤵
        
        PID:3060
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        141⤵
        
        PID:1788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        141⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        141⤵
        
        PID:2312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        142⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        142⤵
        
        PID:2744
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        143⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        143⤵
        
        PID:4328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        144⤵
        
        PID:1600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        144⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        144⤵
        
        PID:3036
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        145⤵
        
        PID:3312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        145⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        145⤵
        Checks computer location settings
        
        PID:2140
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        146⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        146⤵
        Checks computer location settings
        
        PID:4380
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        147⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        147⤵
        Checks computer location settings
        
        PID:4340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        148⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        148⤵
        
        PID:3432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        149⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        149⤵
        Checks computer location settings
        
        PID:3288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        150⤵
        
        PID:216
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        150⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        150⤵
        Checks computer location settings
        
        PID:4480
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        151⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        151⤵
        
        PID:2844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        152⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        152⤵
        Checks computer location settings
        
        PID:3568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        153⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        153⤵
        Checks computer location settings
        
        PID:2904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        154⤵
        
        PID:3256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        154⤵
        
        PID:4424
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        154⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        154⤵
        Checks computer location settings
        
        PID:1844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        155⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        155⤵
        Checks computer location settings
        
        PID:3424
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        156⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        156⤵
        
        PID:1524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        157⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        157⤵
        Checks computer location settings
        
        PID:3536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        158⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        158⤵
        
        PID:4920
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        159⤵
        
        PID:4524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        159⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        159⤵
        
        PID:1720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        160⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        160⤵
        
        PID:3332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        161⤵
        
        PID:3756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        161⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        161⤵
        
        PID:3216
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        162⤵
        
        PID:5096
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        162⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        162⤵
        
        PID:4480
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        163⤵
        
        PID:4436
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        163⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        163⤵
        
        PID:2036
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        164⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        164⤵
        
        PID:1628
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        165⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        165⤵
        
        PID:5076
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        166⤵
        
        PID:3560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        166⤵
        
        PID:1680
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        166⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        166⤵
        
        PID:3428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        167⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        167⤵
        
        PID:2084
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        168⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        168⤵
        
        PID:3204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        169⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        169⤵
        
        PID:2668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        170⤵
        
        PID:3844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        170⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        170⤵
        
        PID:1128
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        171⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        171⤵
        
        PID:1484
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:3148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:3432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        172⤵
        
        PID:1788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        173⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        173⤵
        
        PID:2200
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        174⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        174⤵
        
        PID:4824
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        175⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        175⤵
        
        PID:848
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:4408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        176⤵
        
        PID:3068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        177⤵
        
        PID:3568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        177⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        177⤵
        
        PID:4796
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        178⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        178⤵
        
        PID:4656
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        179⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        179⤵
        
        PID:5028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        180⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        180⤵
        
        PID:4872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        181⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        181⤵
        
        PID:3796
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        182⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        182⤵
        
        PID:3548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        183⤵
        
        PID:2572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        183⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        183⤵
        
        PID:3348
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        184⤵
        
        PID:1484
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        184⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        184⤵
        
        PID:3664
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        185⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        185⤵
        
        PID:3132
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        186⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        186⤵
        
        PID:4404
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        187⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        187⤵
        
        PID:964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        188⤵
        
        PID:1628
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        189⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        189⤵
        
        PID:2896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        190⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        190⤵
        
        PID:1980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        191⤵
        
        PID:4348
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        191⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        191⤵
        
        PID:4836
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        192⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        192⤵
        
        PID:2408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        193⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        193⤵
        
        PID:2668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        194⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        194⤵
        
        PID:4916
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        195⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        195⤵
        
        PID:4480
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        196⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        196⤵
        
        PID:3352
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        197⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        197⤵
        
        PID:3032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        198⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        198⤵
        
        PID:3212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        199⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        199⤵
        
        PID:2580
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        200⤵
        
        PID:2444
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        201⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        201⤵
        
        PID:1040
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        202⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        202⤵
        
        PID:3956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        203⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        203⤵
        
        PID:2028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        204⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        204⤵
        
        PID:1120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        205⤵
        
        PID:212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        205⤵
        
        PID:3508
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        205⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        205⤵
        
        PID:2336
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        206⤵
        
        PID:2136
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        206⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        206⤵
        
        PID:2000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        207⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        207⤵
        
        PID:4328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        208⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        208⤵
        
        PID:3416
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        209⤵
        
        PID:5000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        209⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        209⤵
        
        PID:2924
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        210⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        210⤵
        
        PID:3952
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        211⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        211⤵
        
        PID:4316
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        212⤵
        
        PID:4380
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        212⤵
        
        PID:996
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        212⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        212⤵
        
        PID:2956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        213⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        213⤵
        
        PID:348
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        214⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        214⤵
        
        PID:4436
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        215⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        215⤵
        
        PID:4608
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        216⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        216⤵
        
        PID:4028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        217⤵
        
        PID:5052
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        217⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        217⤵
        
        PID:2432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        218⤵
        
        PID:3204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        218⤵
        
        PID:1528
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        218⤵
        
        PID:536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        218⤵
        
        PID:2168
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        218⤵
        
        PID:3016
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        218⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        218⤵
        
        PID:2288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        219⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        219⤵
        
        PID:3960
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        220⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        220⤵
        
        PID:2260
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        221⤵
        
        PID:2408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        221⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        221⤵
        
        PID:3476
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        222⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        222⤵
        
        PID:3876
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        223⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        223⤵
        
        PID:3536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        224⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        224⤵
        
        PID:2468
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        225⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        225⤵
        
        PID:1532
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        226⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        226⤵
        
        PID:116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        227⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        227⤵
        
        PID:3016
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        228⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        228⤵
        
        PID:3432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        229⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        229⤵
        
        PID:1628
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        230⤵
        
        PID:5080
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        230⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        230⤵
        
        PID:3052
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        231⤵
        
        PID:3464
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        231⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        231⤵
        
        PID:3712
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        232⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        232⤵
        
        PID:4592
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        233⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        233⤵
        
        PID:3244
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        234⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        234⤵
        
        PID:1540
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        235⤵
        
        PID:3720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        235⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        235⤵
        
        PID:4348
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        236⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        236⤵
        
        PID:432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        237⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        237⤵
        
        PID:1532
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        238⤵
        
        PID:4128
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        238⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        238⤵
        
        PID:372
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        239⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        239⤵
        
        PID:4988
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        240⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        240⤵
        
        PID:3348
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        241⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        241⤵
        
        PID:3844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        242⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        242⤵
        
        PID:2800
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        243⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        243⤵
        
        PID:3200
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        244⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        244⤵
        
        PID:3532
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        245⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        245⤵
        
        PID:4516
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        246⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        246⤵
        
        PID:4808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        247⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        247⤵
        
        PID:3548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        248⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        248⤵
        
        PID:2008
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        249⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        249⤵
        
        PID:4472
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        250⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        250⤵
        
        PID:536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        251⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        251⤵
        
        PID:3256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        252⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        252⤵
        
        PID:2888
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        253⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        253⤵
        
        PID:1248
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        254⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        254⤵
        
        PID:464
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        255⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        255⤵
        
        PID:3412
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        256⤵
        
        PID:4084
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        256⤵
        
        PID:4732
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        256⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        256⤵
        
        PID:4996
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        257⤵
        
        PID:2028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        257⤵
        
        PID:4404
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        257⤵
        
        PID:588
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        257⤵
        
        PID:3632
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        257⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        257⤵
        
        PID:3320
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        258⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        258⤵
        
        PID:4364
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        259⤵
        
        PID:468
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        259⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        259⤵
        
        PID:2988
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        260⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        260⤵
        
        PID:4436
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        261⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        261⤵
        
        PID:1200
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        262⤵
        
        PID:4980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        262⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        262⤵
        
        PID:1532
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        263⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        263⤵
        
        PID:4600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        264⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        264⤵
        
        PID:4680
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        265⤵
        
        PID:2408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        265⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        265⤵
        
        PID:428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        266⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        266⤵
        
        PID:2036
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        267⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        267⤵
        
        PID:1108
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        268⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        268⤵
        
        PID:1844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        269⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        269⤵
        
        PID:3532
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        270⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        270⤵
        
        PID:908
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        271⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        271⤵
        
        PID:5100
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        272⤵
        
        PID:2876
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        272⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        272⤵
        
        PID:760
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        273⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        273⤵
        
        PID:2572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        274⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        274⤵
        
        PID:5104
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        275⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        275⤵
        
        PID:5096
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        276⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        276⤵
        
        PID:1612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        277⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        277⤵
        
        PID:3960
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        278⤵
        
        PID:3464
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        278⤵
        
        PID:3112
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        278⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        278⤵
        
        PID:3828
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        279⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        279⤵
        
        PID:4048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        280⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        280⤵
        
        PID:2756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        281⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        281⤵
        
        PID:2956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        282⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        282⤵
        
        PID:4876
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        283⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        283⤵
        
        PID:3640
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        284⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        284⤵
        
        PID:1748
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        285⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        285⤵
        
        PID:4816
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        286⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        286⤵
        
        PID:5076
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        287⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        287⤵
        
        PID:408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        288⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        288⤵
        
        PID:1212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        289⤵
        
        PID:1536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        289⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        289⤵
        
        PID:2696
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        290⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        290⤵
        
        PID:3940
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        291⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        291⤵
        
        PID:3952
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        292⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        292⤵
        
        PID:4228
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        293⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        293⤵
        
        PID:348
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        294⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        294⤵
        
        PID:3892
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        295⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        295⤵
        
        PID:432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        296⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        296⤵
        
        PID:3504
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        297⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        297⤵
        
        PID:3500
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        298⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        298⤵
        
        PID:648
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        299⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        299⤵
        
        PID:4652
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        300⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        300⤵
        
        PID:3844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        301⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        301⤵
        
        PID:1212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        302⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        302⤵
        
        PID:884
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        303⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        303⤵
        
        PID:3552
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        304⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        304⤵
        
        PID:980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        305⤵
        
        PID:2128
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        305⤵
        
        PID:4288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        305⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        305⤵
        
        PID:4996
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        306⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        306⤵
        
        PID:5100
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        307⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        307⤵
        
        PID:3956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        308⤵
        
        PID:3504
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        308⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        308⤵
        
        PID:1040
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        309⤵
        
        PID:2000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        309⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        309⤵
        
        PID:3244
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        310⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        310⤵
        
        PID:4316
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        311⤵
        
        PID:2868
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        311⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        311⤵
        
        PID:216
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        312⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        312⤵
        
        PID:664
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        313⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        313⤵
        
        PID:516
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        314⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        314⤵
        
        PID:908
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        315⤵
        
        PID:3428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        315⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        315⤵
        
        PID:5044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        316⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        316⤵
        
        PID:4128
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        317⤵
        
        PID:820
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        317⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        317⤵
        
        PID:4628
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        318⤵
        
        PID:2360
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        318⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        318⤵
        
        PID:5064
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        319⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        319⤵
        
        PID:2144
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        320⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        320⤵
        
        PID:392
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        321⤵
        
        PID:3532
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        321⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        321⤵
        
        PID:3864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        322⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        322⤵
        
        PID:4640
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        323⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        323⤵
        
        PID:1656
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        324⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        324⤵
        
        PID:4836
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        325⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        325⤵
        
        PID:2844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        326⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        326⤵
        
        PID:3228
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        327⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        327⤵
        
        PID:4808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        328⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        328⤵
        
        PID:4356
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        329⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        329⤵
        
        PID:2696
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        330⤵
        
        PID:1404
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        330⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        330⤵
        
        PID:1016
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        331⤵
        
        PID:3068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        331⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        331⤵
        
        PID:1388
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        332⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        332⤵
        
        PID:4476
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        333⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        333⤵
        
        PID:4384
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        334⤵
        
        PID:4924
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        334⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        334⤵
        
        PID:4656
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        335⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        335⤵
        
        PID:3548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        336⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        336⤵
        
        PID:4544
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        337⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        337⤵
        
        PID:3756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        338⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        338⤵
        
        PID:4564
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        339⤵
        
        PID:2256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        339⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        339⤵
        
        PID:4380
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        340⤵
        
        PID:4316
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        340⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        340⤵
        
        PID:3524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        341⤵
        
        PID:964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        341⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        341⤵
        
        PID:4904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        342⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        342⤵
        
        PID:1084
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        343⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        343⤵
        
        PID:1488
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        344⤵
        
        PID:924
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        344⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        344⤵
        
        PID:3248
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        345⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        345⤵
        
        PID:4860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        346⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        346⤵
        
        PID:3688
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        347⤵
        
        PID:3144
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        347⤵
        
        PID:2120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        347⤵
        
        PID:4572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        347⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        347⤵
        
        PID:4716
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        348⤵
        
        PID:1620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        348⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        348⤵
        
        PID:5092
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        349⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        349⤵
        
        PID:3640
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        350⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        350⤵
        
        PID:5052
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        351⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        351⤵
        
        PID:2788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        352⤵
        
        PID:760
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        352⤵
        
        PID:3212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        352⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        352⤵
        
        PID:1720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        353⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        353⤵
        
        PID:4312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        354⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        354⤵
        
        PID:4564
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        355⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        355⤵
        
        PID:4628
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        356⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        356⤵
        
        PID:4328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        357⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        357⤵
        
        PID:5028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        358⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        358⤵
        
        PID:4780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        359⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        359⤵
        
        PID:3020
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        360⤵
        
        PID:5108
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        360⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        360⤵
        
        PID:2336
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        361⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        361⤵
        
        PID:392
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        362⤵
        
        PID:4140
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        362⤵
        
        PID:1632
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        362⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        362⤵
        
        PID:3852
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        363⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        363⤵
        
        PID:4544
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        364⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        364⤵
        
        PID:3892
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        365⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
        365⤵
        
        PID:676

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:3288

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:3796

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:1844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

Filesize
1KB

MD5
84e77a587d94307c0ac1357eb4d3d46f

SHA1
83cc900f9401f43d181207d64c5adba7a85edc1e

SHA256
e16024b092a026a9dc00df69d4b9bbcab7b2dc178dc5291fc308a1abc9304a99

SHA512
aefb5c62200b3ed97718d20a89990954d4d8acdc0a6a73c5a420f1bba619cb79e70c2cd0a579b9f52dc6b09e1de2cea6cd6cac4376cfee92d94e2c01d310f691

Download Submit
memory/1584-11-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/1584-28-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/1584-15-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4528-16-0x0000000006250000-0x0000000006262000-memory.dmp

Filesize
72KB

Download
memory/4528-25-0x0000000006590000-0x00000000065A4000-memory.dmp

Filesize
80KB

Download
memory/4528-6-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4528-7-0x00000000058F0000-0x0000000005E94000-memory.dmp

Filesize
5.6MB

Download
memory/4528-8-0x00000000053E0000-0x0000000005472000-memory.dmp

Filesize
584KB

Download
memory/4528-9-0x0000000005520000-0x00000000055BC000-memory.dmp

Filesize
624KB

Download
memory/4528-10-0x0000000005490000-0x000000000549A000-memory.dmp

Filesize
40KB

Download
memory/4528-4-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/4528-103-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4528-21-0x00000000063F0000-0x000000000640E000-memory.dmp

Filesize
120KB

Download
memory/4528-20-0x00000000063E0000-0x00000000063EE000-memory.dmp

Filesize
56KB

Download
memory/4528-14-0x0000000005510000-0x000000000551A000-memory.dmp

Filesize
40KB

Download
memory/4528-24-0x0000000006560000-0x000000000658E000-memory.dmp

Filesize
184KB

Download
memory/4528-23-0x00000000062C0000-0x00000000062CA000-memory.dmp

Filesize
40KB

Download
memory/4528-19-0x00000000062B0000-0x00000000062C4000-memory.dmp

Filesize
80KB

Download
memory/4528-18-0x00000000062A0000-0x00000000062AE000-memory.dmp

Filesize
56KB

Download
memory/4528-17-0x0000000006270000-0x000000000628A000-memory.dmp

Filesize
104KB

Download
memory/4960-3-0x00000000054B0000-0x0000000005538000-memory.dmp

Filesize
544KB

Download
memory/4960-5-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4960-26-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4960-2-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4960-1-0x0000000000900000-0x0000000000A82000-memory.dmp

Filesize
1.5MB

Download
memory/4960-0-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

Filesize
4KB

Download