nanocore | 3798eda97eb1c96e59e379d952389a01dd6e753563c367f4cad3673b0703b0b5

General

Target

5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Size

1.5MB
MD5

5d6504033e0108dd331c3514c9b92772
SHA1

94f3653d419813a95af7174937181321dbfa25f4
SHA256

3798eda97eb1c96e59e379d952389a01dd6e753563c367f4cad3673b0703b0b5
SHA512

3d8ebfd92055007eeb865b64482656d29ceda7d9cdfc0495c62bc0b3f481697dbf37873a11187838d6ff78c2fe4600cd0dbbbd3e110d8899875cdcecc53a2156
SSDEEP

24576:uQ1Rl5jC806M2DYTcSX1ZajRg//3uno46+DThVrMAY0wLQqd/tUTjFYaCtjZZwaG:u85jChzcJ1LGDWHahjfS

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

meeti.ddns.net:83

meeti.duckdns.org:83

Mutex

ae4b70b9-d113-47e0-8b7b-8282a51d736e

Attributes

activate_away_mode
true
backup_connection_host
meeti.duckdns.org
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2019-07-26T23:46:56.996308236Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
83
default_group
A New Eraa
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
ae4b70b9-d113-47e0-8b7b-8282a51d736e
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
meeti.ddns.net
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
false
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

RegAsm.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DHCP Service = "C:\\Program Files (x86)\\DHCP Service\\dhcpsv.exe"	RegAsm.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

RegAsm.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RegAsm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RegAsm.exe

Suspicious use of SetThreadContext 64 IoCs

Processes:

5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

description	pid	process	target process
PID 4960 set thread context of 4528	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 1584 set thread context of 3692	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 5012 set thread context of 2540	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2680 set thread context of 1404	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3216 set thread context of 4948	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3252 set thread context of 4384	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 224 set thread context of 2696	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 708 set thread context of 4936	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3200 set thread context of 1496	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2304 set thread context of 4900	2304	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3928 set thread context of 1256	3928	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4564 set thread context of 4072	4564	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2844 set thread context of 1840	2844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4128 set thread context of 4812	4128	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2556 set thread context of 3256	2556	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 632 set thread context of 1640	632	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3844 set thread context of 4904	3844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4468 set thread context of 3616	4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3348 set thread context of 392	3348	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3204 set thread context of 4716	3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3416 set thread context of 2840	3416	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 1428 set thread context of 2312	1428	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 2552 set thread context of 3496	2552	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4156 set thread context of 3024	4156	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 3196 set thread context of 940	3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4468 set thread context of 4476	4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4256 set thread context of 3864	4256	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3592 set thread context of 4044	3592	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 5116 set thread context of 4564	5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4572 set thread context of 3584	4572	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 3780 set thread context of 768	3780	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4692 set thread context of 2276	4692	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4252 set thread context of 4072	4252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2668 set thread context of 4468	2668	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3204 set thread context of 4812	3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2956 set thread context of 3688	2956	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 5116 set thread context of 2036	5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3964 set thread context of 4004	3964	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3252 set thread context of 2332	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4384 set thread context of 3908	4384	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4080 set thread context of 3312	4080	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4600 set thread context of 1640	4600	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 744 set thread context of 588	744	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3068 set thread context of 4076	3068	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3024 set thread context of 428	3024	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 1240 set thread context of 4884	1240	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2668 set thread context of 2952	2668	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3060 set thread context of 1500	3060	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4332 set thread context of 216	4332	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 1428 set thread context of 2540	1428	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3584 set thread context of 2860	3584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 1184 set thread context of 3068	1184	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4912 set thread context of 2552	4912	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 1392 set thread context of 4412	1392	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 652 set thread context of 2468	652	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4244 set thread context of 3432	4244	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 4044 set thread context of 3200	4044	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2312 set thread context of 2128	2312	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4716 set thread context of 3684	4716	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3508 set thread context of 4444	3508	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4320 set thread context of 4920	4320	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4436 set thread context of 5044	4436	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 1628 set thread context of 844	1628	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4408 set thread context of 4888	4408	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe

Drops file in Program Files directory 2 IoCs

Processes:

RegAsm.exe

description	ioc	process
File created	C:\Program Files (x86)\DHCP Service\dhcpsv.exe	RegAsm.exe
File opened for modification	C:\Program Files (x86)\DHCP Service\dhcpsv.exe	RegAsm.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

pid	process
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

RegAsm.exe

pid process

4528 RegAsm.exe

pid	process
4528	RegAsm.exe

Suspicious behavior: MapViewOfSection 64 IoCs

Processes:

5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

pid	process
4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2304	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3928	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4564	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4128	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4128	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2556	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
632	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
632	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3348	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3416	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
1428	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2552	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4156	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4156	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4256	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3592	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4572	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4572	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3780	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4692	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2668	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
2956	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3964	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3964	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4384	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4080	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4080	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
4600	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
744	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3068	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3024	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3024	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
3024	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exeRegAsm.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4528	RegAsm.exe
Token: SeDebugPrivilege	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2304	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3928	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4564	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4128	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2556	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	632	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3844	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3348	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3416	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1428	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2552	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4156	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3196	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4468	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4256	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3592	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4572	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3780	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4692	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2668	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3204	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2956	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	5116	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3964	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4384	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4080	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4600	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	744	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3068	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3024	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1240	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2668	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3060	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4332	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1428	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1184	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4912	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1392	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	652	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4244	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4044	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	2312	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4716	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	3508	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4320	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	4436	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
Token: SeDebugPrivilege	1628	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

description	pid	process	target process
PID 4960 wrote to memory of 4528	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4960 wrote to memory of 4528	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4960 wrote to memory of 4528	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4960 wrote to memory of 4528	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 4960 wrote to memory of 1584	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 4960 wrote to memory of 1584	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 4960 wrote to memory of 1584	4960	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 1584 wrote to memory of 3692	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 1584 wrote to memory of 3692	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 1584 wrote to memory of 3692	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 1584 wrote to memory of 3692	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 1584 wrote to memory of 5012	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 1584 wrote to memory of 5012	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 1584 wrote to memory of 5012	1584	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 5012 wrote to memory of 2244	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 5012 wrote to memory of 2244	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 5012 wrote to memory of 2244	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 5012 wrote to memory of 2540	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 5012 wrote to memory of 2540	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 5012 wrote to memory of 2540	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 5012 wrote to memory of 2540	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 5012 wrote to memory of 2680	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 5012 wrote to memory of 2680	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 5012 wrote to memory of 2680	5012	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 2680 wrote to memory of 1404	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2680 wrote to memory of 1404	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2680 wrote to memory of 1404	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2680 wrote to memory of 1404	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 2680 wrote to memory of 3216	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 2680 wrote to memory of 3216	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 2680 wrote to memory of 3216	2680	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 3216 wrote to memory of 4948	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3216 wrote to memory of 4948	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3216 wrote to memory of 4948	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3216 wrote to memory of 4948	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3216 wrote to memory of 3252	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 3216 wrote to memory of 3252	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 3216 wrote to memory of 3252	3216	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 3252 wrote to memory of 4384	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3252 wrote to memory of 4384	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3252 wrote to memory of 4384	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3252 wrote to memory of 4384	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3252 wrote to memory of 224	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 3252 wrote to memory of 224	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 3252 wrote to memory of 224	3252	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 224 wrote to memory of 2696	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 224 wrote to memory of 2696	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 224 wrote to memory of 2696	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 224 wrote to memory of 2696	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 224 wrote to memory of 708	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 224 wrote to memory of 708	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 224 wrote to memory of 708	224	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 708 wrote to memory of 4936	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 708 wrote to memory of 4936	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 708 wrote to memory of 4936	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 708 wrote to memory of 4936	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 708 wrote to memory of 3200	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 708 wrote to memory of 3200	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 708 wrote to memory of 3200	708	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
PID 3200 wrote to memory of 1496	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3200 wrote to memory of 1496	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3200 wrote to memory of 1496	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3200 wrote to memory of 1496	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	RegAsm.exe
PID 3200 wrote to memory of 2304	3200	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe	5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4960

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4528

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1584

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
3⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
3⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5012

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
4⤵
PID:2244

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
4⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
4⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2680

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
5⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
5⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3216

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
6⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
6⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3252

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
7⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
7⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:224

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
8⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
9⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3200

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
10⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
10⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
11⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
11⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3928

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
12⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
12⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
13⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
13⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
14⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
14⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4128

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
15⤵
PID:3264

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
15⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
15⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2556

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
16⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
16⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
17⤵
PID:2196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
17⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
17⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
18⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
18⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
19⤵
PID:2132

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
19⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
19⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
20⤵
PID:392

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
20⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3204

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
21⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
21⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3416

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
22⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
22⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
23⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
23⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
24⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
24⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4156

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
25⤵
PID:3772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
25⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
25⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
26⤵
PID:1528

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
26⤵
PID:3844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
26⤵
PID:4076

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
26⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
26⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
27⤵
PID:2616

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
27⤵
PID:4948

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
27⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
27⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
28⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
28⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3592

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
29⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
29⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:5116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
30⤵
PID:4936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
30⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
30⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
31⤵
PID:1788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
31⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
31⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
32⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
32⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
33⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
33⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4252

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
34⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
34⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
35⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
35⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3204

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
36⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
36⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
37⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
37⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:5116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
38⤵
PID:1428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
38⤵
PID:2540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
38⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
38⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
39⤵
PID:3740

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
39⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
39⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3252

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
40⤵
PID:4520

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
40⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
40⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4384

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
41⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
41⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4080

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
42⤵
PID:3112

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
42⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
42⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:4600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
43⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
43⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
44⤵
PID:588

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
44⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3068

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
45⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
45⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:3024

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
46⤵
PID:896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
46⤵
PID:4988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
46⤵
PID:428

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
46⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
47⤵
PID:2980

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
47⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
47⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
48⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
48⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
49⤵
PID:3852

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
49⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
49⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
50⤵
PID:3360

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
50⤵
PID:2064

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
50⤵
PID:216

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
50⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
51⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
51⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3584

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
52⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
52⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1184

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
53⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
53⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
54⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
54⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
55⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
55⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:652

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
56⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
56⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4244

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
57⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
57⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
58⤵
PID:3256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
58⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
58⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2312

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
59⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
59⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4716

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
60⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
60⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
61⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
61⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
62⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
62⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
63⤵
PID:4668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
63⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
63⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
64⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
64⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
PID:4408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
65⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
65⤵
- Checks computer location settings
PID:2116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
66⤵
PID:4356

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
66⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
66⤵
PID:5012

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
67⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
67⤵
PID:3920

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
68⤵
PID:1648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
68⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
68⤵
- Checks computer location settings
PID:3720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
69⤵
PID:4384

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
69⤵
PID:4360

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
69⤵
PID:708

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
69⤵
PID:2556

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
70⤵
PID:1308

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
70⤵
- Checks computer location settings
PID:2692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
71⤵
PID:2348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
71⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
71⤵
- Checks computer location settings
PID:4524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
72⤵
PID:3764

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
72⤵
PID:4476

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
72⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
72⤵
PID:3692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
73⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
73⤵
PID:2552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
74⤵
PID:4488

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
74⤵
PID:3020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
74⤵
PID:212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
74⤵
PID:4468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
74⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
74⤵
PID:1720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
75⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
75⤵
- Checks computer location settings
PID:2948

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
76⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
76⤵
PID:1484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
77⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
77⤵
PID:3920

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
78⤵
PID:3876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
78⤵
PID:744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
78⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
78⤵
PID:1388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
79⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
79⤵
PID:3032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
80⤵
PID:4708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
80⤵
PID:4328

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
80⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
80⤵
PID:220

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
81⤵
PID:3568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
81⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
81⤵
- Checks computer location settings
PID:4568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
82⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
82⤵
PID:4816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
83⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
83⤵
PID:4492

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
84⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
84⤵
PID:1160

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
85⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
85⤵
PID:3524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
86⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
86⤵
- Checks computer location settings
PID:3780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
87⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
87⤵
PID:3508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
88⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
88⤵
PID:4824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
89⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
89⤵
PID:4468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
90⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
90⤵
- Checks computer location settings
PID:2800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
91⤵
PID:2952

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
91⤵
PID:708

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
91⤵
- Checks computer location settings
PID:428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
92⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
92⤵
PID:4320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
93⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
93⤵
PID:2904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
94⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
94⤵
- Checks computer location settings
PID:4808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
95⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
95⤵
- Checks computer location settings
PID:1528

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
96⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
96⤵
PID:3268

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
97⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
97⤵
- Checks computer location settings
PID:4340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
98⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
98⤵
- Checks computer location settings
PID:2324

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
99⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
99⤵
PID:3556

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
100⤵
PID:1632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
100⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
100⤵
PID:4236

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
101⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
101⤵
- Checks computer location settings
PID:5068

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
102⤵
PID:2328

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
102⤵
PID:2980

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
102⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
102⤵
- Checks computer location settings
PID:4996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
103⤵
PID:840

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
103⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
103⤵
PID:1648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
104⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
104⤵
PID:5056

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
105⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
105⤵
PID:3720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
106⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
106⤵
PID:1168

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
107⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
107⤵
PID:2160

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
108⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
108⤵
PID:4600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
109⤵
PID:2572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
109⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
109⤵
- Checks computer location settings
PID:3796

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
110⤵
PID:2996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
110⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
110⤵
- Checks computer location settings
PID:4816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
111⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
111⤵
PID:4236

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
112⤵
PID:2176

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
112⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
112⤵
PID:4716

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
113⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
113⤵
PID:4992

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
114⤵
PID:752

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
114⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
114⤵
- Checks computer location settings
PID:412

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
115⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
115⤵
PID:3960

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
116⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
116⤵
- Checks computer location settings
PID:4028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
117⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
117⤵
PID:3052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
118⤵
PID:2168

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
118⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
118⤵
- Checks computer location settings
PID:1788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
119⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
119⤵
PID:3332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
120⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
120⤵
- Checks computer location settings
PID:3556

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
121⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
121⤵
- Checks computer location settings
PID:3740

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
122⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
122⤵
PID:4912

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
123⤵
PID:3188

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
123⤵
PID:4404

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
123⤵
PID:2276

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
123⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
123⤵
- Checks computer location settings
PID:4156

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
124⤵
PID:4376

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
124⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
124⤵
PID:2788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
125⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
125⤵
PID:3432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
126⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
126⤵
PID:3360

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
127⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
127⤵
- Checks computer location settings
PID:1496

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
128⤵
PID:1308

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
128⤵
PID:2572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
129⤵
PID:5108

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
129⤵
PID:5092

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
129⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
129⤵
- Checks computer location settings
PID:2996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
130⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
130⤵
- Checks computer location settings
PID:3252

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
131⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
131⤵
PID:1616

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
132⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
132⤵
PID:4408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
133⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
133⤵
PID:4724

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
134⤵
PID:3464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
134⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
134⤵
- Checks computer location settings
PID:3592

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
135⤵
PID:1168

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
135⤵
- Checks computer location settings
PID:1704

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
136⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
136⤵
- Checks computer location settings
PID:3416

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
137⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
137⤵
PID:2288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
138⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
138⤵
- Checks computer location settings
PID:4288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
139⤵
PID:456

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
139⤵
PID:2332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
140⤵
PID:2144

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
140⤵
PID:512

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
140⤵
- Checks computer location settings
PID:464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
141⤵
PID:3060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
141⤵
PID:1788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
141⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
141⤵
PID:2312

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
142⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
142⤵
PID:2744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
143⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
143⤵
PID:4328

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
144⤵
PID:1600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
144⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
144⤵
PID:3036

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
145⤵
PID:3312

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
145⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
145⤵
- Checks computer location settings
PID:2140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
146⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
146⤵
- Checks computer location settings
PID:4380

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
147⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
147⤵
- Checks computer location settings
PID:4340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
148⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
148⤵
PID:3432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
149⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
149⤵
- Checks computer location settings
PID:3288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
150⤵
PID:216

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
150⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
150⤵
- Checks computer location settings
PID:4480

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
151⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
151⤵
PID:2844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
152⤵
PID:384

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
152⤵
- Checks computer location settings
PID:3568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
153⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
153⤵
- Checks computer location settings
PID:2904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
154⤵
PID:3256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
154⤵
PID:4424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
154⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
154⤵
- Checks computer location settings
PID:1844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
155⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
155⤵
- Checks computer location settings
PID:3424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
156⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
156⤵
PID:1524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
157⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
157⤵
- Checks computer location settings
PID:3536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
158⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
158⤵
PID:4920

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
159⤵
PID:4524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
159⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
159⤵
PID:1720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
160⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
160⤵
PID:3332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
161⤵
PID:3756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
161⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
161⤵
PID:3216

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
162⤵
PID:5096

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
162⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
162⤵
PID:4480

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
163⤵
PID:4436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
163⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
163⤵
PID:2036

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
164⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
164⤵
PID:1628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
165⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
165⤵
PID:5076

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
166⤵
PID:3560

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
166⤵
PID:1680

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
166⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
166⤵
PID:3428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
167⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
167⤵
PID:2084

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
168⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
168⤵
PID:3204

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
169⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
169⤵
PID:2668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
170⤵
PID:3844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
170⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
170⤵
PID:1128

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
171⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
171⤵
PID:1484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
172⤵
PID:3148

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
172⤵
PID:3432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
172⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
172⤵
PID:1788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
173⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
173⤵
PID:2200

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
174⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
174⤵
PID:4824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
175⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
175⤵
PID:848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
176⤵
PID:4408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
176⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
176⤵
PID:3068

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
177⤵
PID:3568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
177⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
177⤵
PID:4796

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
178⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
178⤵
PID:4656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
179⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
179⤵
PID:5028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
180⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
180⤵
PID:4872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
181⤵
PID:212

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
181⤵
PID:3796

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
182⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
182⤵
PID:3548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
183⤵
PID:2572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
183⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
183⤵
PID:3348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
184⤵
PID:1484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
184⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
184⤵
PID:3664

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
185⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
185⤵
PID:3132

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
186⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
186⤵
PID:4404

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
187⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
187⤵
PID:964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
188⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
188⤵
PID:1628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
189⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
189⤵
PID:2896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
190⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
190⤵
PID:1980

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
191⤵
PID:4348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
191⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
191⤵
PID:4836

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
192⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
192⤵
PID:2408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
193⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
193⤵
PID:2668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
194⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
194⤵
PID:4916

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
195⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
195⤵
PID:4480

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
196⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
196⤵
PID:3352

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
197⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
197⤵
PID:3032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
198⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
198⤵
PID:3212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
199⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
199⤵
PID:2580

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
200⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
200⤵
PID:2444

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
201⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
201⤵
PID:1040

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
202⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
202⤵
PID:3956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
203⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
203⤵
PID:2028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
204⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
204⤵
PID:1120

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
205⤵
PID:212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
205⤵
PID:3508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
205⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
205⤵
PID:2336

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
206⤵
PID:2136

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
206⤵
PID:1424

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
206⤵
PID:2000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
207⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
207⤵
PID:4328

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
208⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
208⤵
PID:3416

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
209⤵
PID:5000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
209⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
209⤵
PID:2924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
210⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
210⤵
PID:3952

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
211⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
211⤵
PID:4316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
212⤵
PID:4380

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
212⤵
PID:996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
212⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
212⤵
PID:2956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
213⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
213⤵
PID:348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
214⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
214⤵
PID:4436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
215⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
215⤵
PID:4608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
216⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
216⤵
PID:4028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
217⤵
PID:5052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
217⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
217⤵
PID:2432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
218⤵
PID:3204

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
218⤵
PID:1528

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
218⤵
PID:536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
218⤵
PID:2168

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
218⤵
PID:3016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
218⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
218⤵
PID:2288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
219⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
219⤵
PID:3960

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
220⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
220⤵
PID:2260

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
221⤵
PID:2408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
221⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
221⤵
PID:3476

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
222⤵
PID:468

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
222⤵
PID:3876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
223⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
223⤵
PID:3536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
224⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
224⤵
PID:2468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
225⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
225⤵
PID:1532

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
226⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
226⤵
PID:116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
227⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
227⤵
PID:3016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
228⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
228⤵
PID:3432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
229⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
229⤵
PID:1628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
230⤵
PID:5080

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
230⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
230⤵
PID:3052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
231⤵
PID:3464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
231⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
231⤵
PID:3712

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
232⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
232⤵
PID:4592

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
233⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
233⤵
PID:3244

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
234⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
234⤵
PID:1540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
235⤵
PID:3720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
235⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
235⤵
PID:4348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
236⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
236⤵
PID:432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
237⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
237⤵
PID:1532

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
238⤵
PID:4128

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
238⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
238⤵
PID:372

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
239⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
239⤵
PID:4988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
240⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
240⤵
PID:3348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
241⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
241⤵
PID:3844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
242⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
242⤵
PID:2800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
243⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
243⤵
PID:3200

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
244⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
244⤵
PID:3532

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
245⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
245⤵
PID:4516

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
246⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
246⤵
PID:4808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
247⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
247⤵
PID:3548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
248⤵
PID:820

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
248⤵
PID:2008

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
249⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
249⤵
PID:4472

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
250⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
250⤵
PID:536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
251⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
251⤵
PID:3256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
252⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
252⤵
PID:2888

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
253⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
253⤵
PID:1248

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
254⤵
PID:392

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
254⤵
PID:464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
255⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
255⤵
PID:3412

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
256⤵
PID:4084

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
256⤵
PID:4732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
256⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
256⤵
PID:4996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
257⤵
PID:2028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
257⤵
PID:4404

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
257⤵
PID:588

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
257⤵
PID:3632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
257⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
257⤵
PID:3320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
258⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
258⤵
PID:4364

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
259⤵
PID:468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
259⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
259⤵
PID:2988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
260⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
260⤵
PID:4436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
261⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
261⤵
PID:1200

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
262⤵
PID:4980

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
262⤵
PID:452

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
262⤵
PID:1532

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
263⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
263⤵
PID:4600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
264⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
264⤵
PID:4680

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
265⤵
PID:2408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
265⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
265⤵
PID:428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
266⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
266⤵
PID:2036

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
267⤵
PID:464

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
267⤵
PID:1108

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
268⤵
PID:652

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
268⤵
PID:1844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
269⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
269⤵
PID:3532

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
270⤵
PID:348

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
270⤵
PID:908

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
271⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
271⤵
PID:5100

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
272⤵
PID:2876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
272⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
272⤵
PID:760

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
273⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
273⤵
PID:2572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
274⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
274⤵
PID:5104

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
275⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
275⤵
PID:5096

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
276⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
276⤵
PID:1612

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
277⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
277⤵
PID:3960

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
278⤵
PID:3464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
278⤵
PID:3112

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
278⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
278⤵
PID:3828

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
279⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
279⤵
PID:4048

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
280⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
280⤵
PID:2756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
281⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
281⤵
PID:2956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
282⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
282⤵
PID:4876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
283⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
283⤵
PID:3640

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
284⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
284⤵
PID:1748

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
285⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
285⤵
PID:4816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
286⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
286⤵
PID:5076

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
287⤵
PID:708

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
287⤵
PID:408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
288⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
288⤵
PID:1212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
289⤵
PID:1536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
289⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
289⤵
PID:2696

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
290⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
290⤵
PID:3940

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
291⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
291⤵
PID:3952

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
292⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
292⤵
PID:4228

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
293⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
293⤵
PID:348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
294⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
294⤵
PID:3892

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
295⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
295⤵
PID:432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
296⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
296⤵
PID:3504

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
297⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
297⤵
PID:3500

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
298⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
298⤵
PID:648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
299⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
299⤵
PID:4652

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
300⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
300⤵
PID:3844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
301⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
301⤵
PID:1212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
302⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
302⤵
PID:884

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
303⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
303⤵
PID:3552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
304⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
304⤵
PID:980

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
305⤵
PID:2128

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
305⤵
PID:4288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
305⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
305⤵
PID:4996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
306⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
306⤵
PID:5100

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
307⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
307⤵
PID:3956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
308⤵
PID:3504

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
308⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
308⤵
PID:1040

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
309⤵
PID:2000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
309⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
309⤵
PID:3244

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
310⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
310⤵
PID:4316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
311⤵
PID:2868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
311⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
311⤵
PID:216

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
312⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
312⤵
PID:664

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
313⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
313⤵
PID:516

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
314⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
314⤵
PID:908

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
315⤵
PID:3428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
315⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
315⤵
PID:5044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
316⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
316⤵
PID:4128

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
317⤵
PID:820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
317⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
317⤵
PID:4628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
318⤵
PID:2360

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
318⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
318⤵
PID:5064

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
319⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
319⤵
PID:2144

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
320⤵
PID:708

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
320⤵
PID:392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
321⤵
PID:3532

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
321⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
321⤵
PID:3864

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
322⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
322⤵
PID:4640

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
323⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
323⤵
PID:1656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
324⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
324⤵
PID:4836

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
325⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
325⤵
PID:2844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
326⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
326⤵
PID:3228

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
327⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
327⤵
PID:4808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
328⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
328⤵
PID:4356

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
329⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
329⤵
PID:2696

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
330⤵
PID:1404

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
330⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
330⤵
PID:1016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
331⤵
PID:3068

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
331⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
331⤵
PID:1388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
332⤵
PID:216

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
332⤵
PID:4476

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
333⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
333⤵
PID:4384

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
334⤵
PID:4924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
334⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
334⤵
PID:4656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
335⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
335⤵
PID:3548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
336⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
336⤵
PID:4544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
337⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
337⤵
PID:3756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
338⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
338⤵
PID:4564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
339⤵
PID:2256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
339⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
339⤵
PID:4380

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
340⤵
PID:4316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
340⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
340⤵
PID:3524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
341⤵
PID:964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
341⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
341⤵
PID:4904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
342⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
342⤵
PID:1084

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
343⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
343⤵
PID:1488

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
344⤵
PID:924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
344⤵
PID:636

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
344⤵
PID:3248

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
345⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
345⤵
PID:4860

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
346⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
346⤵
PID:3688

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
347⤵
PID:3144

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
347⤵
PID:2120

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
347⤵
PID:4572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
347⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
347⤵
PID:4716

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
348⤵
PID:1620

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
348⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
348⤵
PID:5092

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
349⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
349⤵
PID:3640

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
350⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
350⤵
PID:5052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
351⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
351⤵
PID:2788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
352⤵
PID:760

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
352⤵
PID:3212

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
352⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
352⤵
PID:1720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
353⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
353⤵
PID:4312

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
354⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
354⤵
PID:4564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
355⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
355⤵
PID:4628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
356⤵
PID:412

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
356⤵
PID:4328

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
357⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
357⤵
PID:5028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
358⤵
PID:224

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
358⤵
PID:4780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
359⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
359⤵
PID:3020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
360⤵
PID:5108

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
360⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
360⤵
PID:2336

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
361⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
361⤵
PID:392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
362⤵
PID:4140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
362⤵
PID:1632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
362⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
362⤵
PID:3852

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
363⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
363⤵
PID:4544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
364⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
364⤵
PID:3892

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
365⤵
PID:216

C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d6504033e0108dd331c3514c9b92772_JaffaCakes118.exe"
365⤵
PID:676

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:3288

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:3796

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:1844

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
Filesize
1KB

MD5
84e77a587d94307c0ac1357eb4d3d46f

SHA1
83cc900f9401f43d181207d64c5adba7a85edc1e

SHA256
e16024b092a026a9dc00df69d4b9bbcab7b2dc178dc5291fc308a1abc9304a99

SHA512
aefb5c62200b3ed97718d20a89990954d4d8acdc0a6a73c5a420f1bba619cb79e70c2cd0a579b9f52dc6b09e1de2cea6cd6cac4376cfee92d94e2c01d310f691

Download Submit
memory/1584-11-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/1584-28-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/1584-15-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4528-16-0x0000000006250000-0x0000000006262000-memory.dmp

Filesize
72KB

Download
memory/4528-25-0x0000000006590000-0x00000000065A4000-memory.dmp

Filesize
80KB

Download
memory/4528-6-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4528-7-0x00000000058F0000-0x0000000005E94000-memory.dmp

Filesize
5.6MB

Download
memory/4528-8-0x00000000053E0000-0x0000000005472000-memory.dmp

Filesize
584KB

Download
memory/4528-9-0x0000000005520000-0x00000000055BC000-memory.dmp

Filesize
624KB

Download
memory/4528-10-0x0000000005490000-0x000000000549A000-memory.dmp

Filesize
40KB

Download
memory/4528-4-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/4528-103-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4528-21-0x00000000063F0000-0x000000000640E000-memory.dmp

Filesize
120KB

Download
memory/4528-20-0x00000000063E0000-0x00000000063EE000-memory.dmp

Filesize
56KB

Download
memory/4528-14-0x0000000005510000-0x000000000551A000-memory.dmp

Filesize
40KB

Download
memory/4528-24-0x0000000006560000-0x000000000658E000-memory.dmp

Filesize
184KB

Download
memory/4528-23-0x00000000062C0000-0x00000000062CA000-memory.dmp

Filesize
40KB

Download
memory/4528-19-0x00000000062B0000-0x00000000062C4000-memory.dmp

Filesize
80KB

Download
memory/4528-18-0x00000000062A0000-0x00000000062AE000-memory.dmp

Filesize
56KB

Download
memory/4528-17-0x0000000006270000-0x000000000628A000-memory.dmp

Filesize
104KB

Download
memory/4960-3-0x00000000054B0000-0x0000000005538000-memory.dmp

Filesize
544KB

Download
memory/4960-5-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4960-26-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4960-2-0x0000000074EA0000-0x0000000075650000-memory.dmp

Filesize
7.7MB

Download
memory/4960-1-0x0000000000900000-0x0000000000A82000-memory.dmp

Filesize
1.5MB

Download
memory/4960-0-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads