agenttesla | 627f8214e9589ca767888fd3a4ad42ad7d0aa1dd422f5006538ed5e422c21f38

Analysis

max time kernel
123s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16-09-2024 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Size

1.3MB
MD5

e55fedd6c22acd3a7f5952c827f1dd3c
SHA1

0571e0f30bca6b88d569f035097600de639c6a44
SHA256

627f8214e9589ca767888fd3a4ad42ad7d0aa1dd422f5006538ed5e422c21f38
SHA512

8adb9faf3aae6c0dce6d90af0f64017ce3de698f4a40b7159fba6b6eca5cec40df3e29f56a2a04a65f596028324801c5946df2e5ed176d5659a2e17a2eedce1c
SSDEEP

12288:+ALF+FEkNXkH62mgZ6qO23a0c1LD33T38Iu65nDz4o5LePnR1HvH9nc+Hoq:ZsEkNMmB3L4WI15lvKkoq

Score

10^/10

agenttesla agilenet collection credential_access discovery keylogger persistence spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 3 IoCs

resource	yara_rule
behavioral1/memory/788-5-0x0000000000400000-0x000000000045A000-memory.dmp	family_agenttesla
behavioral1/memory/788-7-0x0000000000400000-0x000000000045A000-memory.dmp	family_agenttesla
behavioral1/memory/788-9-0x0000000000400000-0x000000000045A000-memory.dmp	family_agenttesla

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/2084-2-0x00000000042A0000-0x000000000430E000-memory.dmp	agile_net

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001

Accesses Microsoft Outlook profiles 1 TTPs 21 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe

Adds Run key to start application 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroApp = "C:\\Users\\Admin\\AppData\\Roaming\\MicroApp\\MicroApp.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroApp = "C:\\Users\\Admin\\AppData\\Roaming\\MicroApp\\MicroApp.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroApp = "C:\\Users\\Admin\\AppData\\Roaming\\MicroApp\\MicroApp.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroApp = "C:\\Users\\Admin\\AppData\\Roaming\\MicroApp\\MicroApp.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroApp = "C:\\Users\\Admin\\AppData\\Roaming\\MicroApp\\MicroApp.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroApp = "C:\\Users\\Admin\\AppData\\Roaming\\MicroApp\\MicroApp.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroApp = "C:\\Users\\Admin\\AppData\\Roaming\\MicroApp\\MicroApp.exe"	RegAsm.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2084 set thread context of 788	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	30
PID 2500 set thread context of 2876	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	34
PID 2800 set thread context of 2736	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	39
PID 2672 set thread context of 2636	2672	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	42
PID 2668 set thread context of 2156	2668	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	44
PID 1620 set thread context of 2100	1620	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	47
PID 2176 set thread context of 2228	2176	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	49
PID 1840 set thread context of 816	1840	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	54
PID 1616 set thread context of 1696	1616	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	59
PID 600 set thread context of 2992	600	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	62
PID 2640 set thread context of 480	2640	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	64
PID 1500 set thread context of 1588	1500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	66
PID 1352 set thread context of 2616	1352	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	68
PID 2624 set thread context of 2840	2624	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	70
PID 2752 set thread context of 1676	2752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	72
PID 2208 set thread context of 2668	2208	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	75
PID 1620 set thread context of 288	1620	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	80
PID 996 set thread context of 292	996	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	82
PID 2040 set thread context of 1720	2040	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	84
PID 1504 set thread context of 2076	1504	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	88
PID 2200 set thread context of 1680	2200	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	90
PID 2752 set thread context of 2068	2752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	92
PID 372 set thread context of 1620	372	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	94
PID 1752 set thread context of 3020	1752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	96
PID 3044 set thread context of 2200	3044	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	100
PID 2752 set thread context of 372	2752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	102
PID 3116 set thread context of 3156	3116	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	104
PID 3208 set thread context of 3284	3208	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	107
PID 3340 set thread context of 3404	3340	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	109
PID 3488 set thread context of 3520	3488	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	111
PID 3592 set thread context of 3628	3592	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	113
PID 3684 set thread context of 3736	3684	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	115
PID 3824 set thread context of 3848	3824	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	117
PID 3924 set thread context of 3956	3924	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	119
PID 4012 set thread context of 4088	4012	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	124
PID 1124 set thread context of 264	1124	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	126
PID 2688 set thread context of 3420	2688	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	129
PID 3116 set thread context of 3260	3116	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	131
PID 3660 set thread context of 3496	3660	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	133
PID 3912 set thread context of 3688	3912	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	135
PID 3936 set thread context of 648	3936	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	138
PID 4008 set thread context of 4036	4008	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	141
PID 1864 set thread context of 3272	1864	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	145
PID 3084 set thread context of 3492	3084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	148
PID 2416 set thread context of 3560	2416	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	150
PID 3692 set thread context of 3200	3692	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	152
PID 3116 set thread context of 3660	3116	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	154
PID 3896 set thread context of 4016	3896	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	157
PID 4172 set thread context of 4220	4172	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	161
PID 4296 set thread context of 4540	4296	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	163
PID 4612 set thread context of 4680	4612	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	167
PID 4748 set thread context of 4796	4748	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	170
PID 4860 set thread context of 4900	4860	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	172
PID 4952 set thread context of 5008	4952	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	174
PID 5064 set thread context of 4100	5064	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	177
PID 3480 set thread context of 4272	3480	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	179
PID 1552 set thread context of 4336	1552	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	181
PID 3316 set thread context of 3384	3316	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	183
PID 3556 set thread context of 4356	3556	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	187
PID 2944 set thread context of 2644	2944	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	189
PID 3860 set thread context of 1936	3860	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	191
PID 4012 set thread context of 3932	4012	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	194
PID 2148 set thread context of 3968	2148	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	198
PID 4064 set thread context of 3348	4064	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	202

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe

Suspicious behavior: MapViewOfSection 64 IoCs

pid	Process
2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2672	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2672	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2668	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1620	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1620	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2176	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1840	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1840	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1840	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1840	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1616	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1616	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1616	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1616	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
600	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
600	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2640	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1352	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2624	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2208	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2208	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1620	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1620	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1620	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1620	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
996	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2040	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1504	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1504	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1504	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2200	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
372	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3044	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3044	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3044	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3116	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3208	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3208	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3340	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3488	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3592	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3684	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3824	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3924	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
4012	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
4012	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
4012	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
4012	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
1124	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2688	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
2688	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3116	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
3660	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2672	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2668	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	1620	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2176	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	1840	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	1616	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	600	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2640	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	1500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	1352	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2624	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2208	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	1620	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	996	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2040	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	1504	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2200	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	372	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	1752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3044	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2752	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3116	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3208	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3340	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3488	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3592	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3684	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3824	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3924	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	4012	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	1124	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2688	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3116	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3660	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3912	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3936	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	4008	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	1864	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2416	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3692	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3116	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3896	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	4172	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2876	RegAsm.exe
Token: SeDebugPrivilege	4296	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	4612	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	4748	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	4860	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	4952	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	5064	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3480	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	1552	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3316	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3556	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2944	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	3860	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	4012	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
Token: SeDebugPrivilege	2148	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 788	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	30
PID 2084 wrote to memory of 788	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	30
PID 2084 wrote to memory of 788	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	30
PID 2084 wrote to memory of 788	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	30
PID 2084 wrote to memory of 788	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	30
PID 2084 wrote to memory of 788	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	30
PID 2084 wrote to memory of 788	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	30
PID 2084 wrote to memory of 788	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	30
PID 2084 wrote to memory of 2500	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	31
PID 2084 wrote to memory of 2500	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	31
PID 2084 wrote to memory of 2500	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	31
PID 2084 wrote to memory of 2500	2084	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	31
PID 2500 wrote to memory of 2272	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	32
PID 2500 wrote to memory of 2272	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	32
PID 2500 wrote to memory of 2272	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	32
PID 2500 wrote to memory of 2272	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	32
PID 2500 wrote to memory of 2272	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	32
PID 2500 wrote to memory of 2272	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	32
PID 2500 wrote to memory of 2272	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	32
PID 2500 wrote to memory of 2960	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	33
PID 2500 wrote to memory of 2960	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	33
PID 2500 wrote to memory of 2960	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	33
PID 2500 wrote to memory of 2960	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	33
PID 2500 wrote to memory of 2960	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	33
PID 2500 wrote to memory of 2960	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	33
PID 2500 wrote to memory of 2960	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	33
PID 2500 wrote to memory of 2876	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	34
PID 2500 wrote to memory of 2876	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	34
PID 2500 wrote to memory of 2876	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	34
PID 2500 wrote to memory of 2876	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	34
PID 2500 wrote to memory of 2876	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	34
PID 2500 wrote to memory of 2876	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	34
PID 2500 wrote to memory of 2876	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	34
PID 2500 wrote to memory of 2876	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	34
PID 2500 wrote to memory of 2800	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	36
PID 2500 wrote to memory of 2800	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	36
PID 2500 wrote to memory of 2800	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	36
PID 2500 wrote to memory of 2800	2500	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	36
PID 2800 wrote to memory of 840	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	38
PID 2800 wrote to memory of 840	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	38
PID 2800 wrote to memory of 840	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	38
PID 2800 wrote to memory of 840	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	38
PID 2800 wrote to memory of 840	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	38
PID 2800 wrote to memory of 840	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	38
PID 2800 wrote to memory of 840	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	38
PID 2800 wrote to memory of 2736	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	39
PID 2800 wrote to memory of 2736	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	39
PID 2800 wrote to memory of 2736	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	39
PID 2800 wrote to memory of 2736	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	39
PID 2800 wrote to memory of 2736	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	39
PID 2800 wrote to memory of 2736	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	39
PID 2800 wrote to memory of 2736	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	39
PID 2800 wrote to memory of 2736	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	39
PID 2800 wrote to memory of 2672	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	40
PID 2800 wrote to memory of 2672	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	40
PID 2800 wrote to memory of 2672	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	40
PID 2800 wrote to memory of 2672	2800	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	40
PID 2672 wrote to memory of 2204	2672	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	41
PID 2672 wrote to memory of 2204	2672	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	41
PID 2672 wrote to memory of 2204	2672	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	41
PID 2672 wrote to memory of 2204	2672	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	41
PID 2672 wrote to memory of 2204	2672	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	41
PID 2672 wrote to memory of 2204	2672	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	41
PID 2672 wrote to memory of 2204	2672	e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe	41

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:788
- C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:2272
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:2960
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    - Accesses Microsoft Outlook profiles
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    PID:2876
- - C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:840
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
      4⤵
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious behavior: MapViewOfSection
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2672
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        5⤵
        
        PID:2204
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        5⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        5⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2668
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        6⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        6⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        7⤵
        
        PID:2104
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        7⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        8⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1840
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        9⤵
        
        PID:2996
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        9⤵
        
        PID:1400
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        9⤵
        
        PID:2576
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        9⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1616
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        10⤵
        
        PID:2548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        10⤵
        
        PID:1312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        10⤵
        
        PID:1120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        10⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        11⤵
        
        PID:1296
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        11⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        11⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2640
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        12⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        12⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1500
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        13⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1352
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        14⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        14⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2624
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        15⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        15⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2752
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        16⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        16⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        17⤵
        
        PID:1032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        17⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        17⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        18⤵
        
        PID:2016
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        18⤵
        
        PID:444
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        18⤵
        
        PID:2176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        18⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        18⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:996
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        19⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        19⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2040
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        20⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        20⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1504
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        21⤵
        
        PID:1964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        21⤵
        
        PID:2540
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        21⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        21⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2200
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        22⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        22⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2752
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        23⤵
        System Location Discovery: System Language Discovery
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        23⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:372
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        24⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        24⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1752
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        25⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        25⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        26⤵
        
        PID:2336
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        26⤵
        
        PID:1260
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        26⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        26⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2752
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        27⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        27⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        28⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        28⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        29⤵
        
        PID:3276
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        29⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        29⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        30⤵
        System Location Discovery: System Language Discovery
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        30⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3488
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        31⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        31⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3592
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        32⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        32⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3684
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        33⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        33⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3824
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        34⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        34⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3924
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        35⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        35⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4012
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        36⤵
        
        PID:4064
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        36⤵
        
        PID:4072
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        36⤵
        
        PID:4080
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        36⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1124
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        37⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        37⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2688
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        38⤵
        
        PID:3412
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        38⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        38⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        39⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        39⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3660
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        40⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        40⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3912
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        41⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        41⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3936
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        42⤵
        
        PID:2416
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        42⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        42⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:4008
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        43⤵
        
        PID:4016
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        43⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        43⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        44⤵
        
        PID:2176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        44⤵
        
        PID:3108
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        44⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        44⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3084
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        45⤵
        
        PID:3748
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        45⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        45⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2416
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        46⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        46⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        47⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        47⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        48⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        48⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        49⤵
        
        PID:3744
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        49⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        49⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4172
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        50⤵
        
        PID:4204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        50⤵
        
        PID:4212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        50⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        50⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4296
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        51⤵
        Accesses Microsoft Outlook profiles
        Adds Run key to start application
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        51⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        52⤵
        
        PID:4664
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        52⤵
        
        PID:4672
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        52⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        52⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4748
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        53⤵
        
        PID:4788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        53⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        53⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        54⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        54⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4952
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        55⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        55⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:5064
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        56⤵
        
        PID:5116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        56⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        56⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3480
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        57⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        57⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1552
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        58⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        58⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:3316
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        59⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        59⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        60⤵
        
        PID:4116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        60⤵
        
        PID:4128
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        60⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        60⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2944
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        61⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        61⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        62⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        62⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4012
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        63⤵
        
        PID:2336
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        63⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        63⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        64⤵
        
        PID:3328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        64⤵
        
        PID:2912
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        64⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        64⤵
        Suspicious use of SetThreadContext
        
        PID:4064
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        65⤵
        
        PID:3636
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        65⤵
        
        PID:3644
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        65⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        65⤵
        
        PID:2164
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        66⤵
        
        PID:2380
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        66⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        66⤵
        
        PID:444
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        67⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        67⤵
        
        PID:600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        68⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        68⤵
        
        PID:4256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        69⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        69⤵
        
        PID:3436
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        70⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        70⤵
        
        PID:3216
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        71⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        71⤵
        
        PID:4472
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        72⤵
        
        PID:2936
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        73⤵
        
        PID:3612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        73⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        73⤵
        
        PID:1068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        74⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        74⤵
        
        PID:2172
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        75⤵
        
        PID:4028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        75⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        75⤵
        
        PID:2820
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        76⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        76⤵
        
        PID:3284
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        77⤵
        
        PID:3492
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        77⤵
        
        PID:2100
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        77⤵
        
        PID:1696
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        77⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        77⤵
        
        PID:2200
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        78⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        78⤵
        
        PID:4520
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        79⤵
        
        PID:4556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        79⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        79⤵
        
        PID:4180
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        80⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        80⤵
        
        PID:4608
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        81⤵
        
        PID:4792
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        81⤵
        
        PID:4616
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        81⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        81⤵
        
        PID:4920
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        82⤵
        
        PID:5104
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        82⤵
        
        PID:4864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        82⤵
        
        PID:4880
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        82⤵
        
        PID:4896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        82⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        82⤵
        
        PID:4980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        83⤵
        
        PID:1804
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        84⤵
        
        PID:4368
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        85⤵
        
        PID:3372
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        85⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        85⤵
        
        PID:1500
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        86⤵
        
        PID:4372
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        86⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:3832
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        87⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        87⤵
        
        PID:3192
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        88⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:676
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        89⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        89⤵
        
        PID:2208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        90⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        90⤵
        
        PID:4444
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        91⤵
        
        PID:3408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        91⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        91⤵
        
        PID:2940
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        92⤵
        
        PID:3300
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        92⤵
        
        PID:2168
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        92⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        92⤵
        
        PID:272
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        93⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        93⤵
        
        PID:4068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        94⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        94⤵
        
        PID:2864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        95⤵
        Accesses Microsoft Outlook profiles
        Adds Run key to start application
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        95⤵
        
        PID:4324
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        96⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:4872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        97⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        97⤵
        
        PID:3788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        98⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        98⤵
        
        PID:4396
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        99⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        99⤵
        
        PID:3864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        100⤵
        
        PID:1748
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        100⤵
        
        PID:3160
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        100⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        101⤵
        
        PID:1612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        101⤵
        
        PID:4448
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        101⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        101⤵
        
        PID:444
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        102⤵
        
        PID:2032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        103⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        103⤵
        
        PID:4420
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        104⤵
        
        PID:4936
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        104⤵
        
        PID:4428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        104⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        104⤵
        
        PID:3424
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        105⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        105⤵
        
        PID:2272
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        106⤵
        
        PID:4924
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        106⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        106⤵
        
        PID:1616
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        107⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        107⤵
        
        PID:4704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        108⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        108⤵
        
        PID:2556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        109⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        109⤵
        
        PID:2520
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        110⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        110⤵
        
        PID:3700
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        111⤵
        
        PID:2740
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        111⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:596
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        112⤵
        
        PID:2496
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        112⤵
        
        PID:2240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        112⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        112⤵
        
        PID:4244
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        113⤵
        
        PID:760
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        113⤵
        
        PID:1932
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        113⤵
        
        PID:3000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        113⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        113⤵
        
        PID:3784
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        114⤵
        
        PID:3652
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        115⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        115⤵
        
        PID:2356
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        116⤵
        
        PID:1860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        116⤵
        
        PID:4508
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        116⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        117⤵
        
        PID:4116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        117⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        117⤵
        
        PID:3432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        118⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        118⤵
        
        PID:3948
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        119⤵
        
        PID:2956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        119⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        119⤵
        
        PID:1944
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        120⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        120⤵
        
        PID:3164
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        121⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        121⤵
        
        PID:1056
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        122⤵
        
        PID:1936
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        122⤵
        
        PID:3144
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        122⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        122⤵
        
        PID:2840
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        123⤵
        
        PID:2668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        123⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        123⤵
        
        PID:272
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        124⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        124⤵
        
        PID:3592
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        125⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        125⤵
        
        PID:4748
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        126⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        126⤵
        
        PID:1984
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        127⤵
        
        PID:3312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        127⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        127⤵
        
        PID:4400
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        128⤵
        
        PID:4412
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        128⤵
        
        PID:2208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        128⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        128⤵
        
        PID:3828
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        129⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        129⤵
        
        PID:4420
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        130⤵
        
        PID:5004
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        130⤵
        
        PID:4152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        130⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        130⤵
        
        PID:2272
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        131⤵
        
        PID:4212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        131⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        131⤵
        
        PID:3904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        132⤵
        
        PID:3044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        132⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        132⤵
        
        PID:2340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        133⤵
        
        PID:2520
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        133⤵
        
        PID:2720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        133⤵
        System Location Discovery: System Language Discovery
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        133⤵
        
        PID:1312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        134⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        134⤵
        
        PID:2684
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        135⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        135⤵
        
        PID:4500
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        136⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        136⤵
        
        PID:4492
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        137⤵
        
        PID:1004
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        137⤵
        
        PID:3452
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        137⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        137⤵
        
        PID:2016
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        138⤵
        Accesses Microsoft Outlook profiles
        Adds Run key to start application
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        138⤵
        
        PID:4340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        139⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        139⤵
        
        PID:5040
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        140⤵
        
        PID:2328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        141⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        141⤵
        
        PID:4344
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        142⤵
        
        PID:1908
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        142⤵
        
        PID:2572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        142⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        142⤵
        
        PID:3696
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        143⤵
        
        PID:1644
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        143⤵
        System Location Discovery: System Language Discovery
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        143⤵
        
        PID:3248
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        144⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        144⤵
        
        PID:1672
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        145⤵
        
        PID:2484
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        145⤵
        
        PID:4732
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        145⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        145⤵
        
        PID:4168
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        146⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        146⤵
        
        PID:2684
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        147⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        147⤵
        
        PID:3208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        148⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        148⤵
        
        PID:3148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        149⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        149⤵
        
        PID:4376
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        150⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        150⤵
        
        PID:1600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        151⤵
        
        PID:2320
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        151⤵
        
        PID:1324
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        151⤵
        
        PID:1576
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        151⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        151⤵
        
        PID:1748
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        152⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        152⤵
        
        PID:3344
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        153⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        153⤵
        
        PID:3472
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        154⤵
        
        PID:3488
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        154⤵
        
        PID:3540
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        154⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        154⤵
        
        PID:4964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        155⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        155⤵
        
        PID:4692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        156⤵
        
        PID:2148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        156⤵
        
        PID:5092
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        156⤵
        
        PID:2900
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        156⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        156⤵
        
        PID:404
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        157⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        157⤵
        
        PID:2804
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        158⤵
        
        PID:1824
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        158⤵
        
        PID:4912
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        158⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        158⤵
        
        PID:4768
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        159⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        159⤵
        
        PID:3556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        160⤵
        
        PID:2608
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        160⤵
        
        PID:3284
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        160⤵
        
        PID:4284
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        160⤵
        
        PID:4080
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        160⤵
        
        PID:3084
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        160⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        160⤵
        System Location Discovery: System Language Discovery
        
        PID:5096
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        161⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        161⤵
        
        PID:3808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        162⤵
        
        PID:3644
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        162⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        162⤵
        
        PID:3572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        163⤵
        
        PID:3548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        163⤵
        
        PID:3576
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        163⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        163⤵
        
        PID:916
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        164⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        164⤵
        
        PID:4240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        165⤵
        
        PID:4504
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        165⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        165⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        166⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        166⤵
        
        PID:3792
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        167⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        167⤵
        
        PID:888
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        168⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        168⤵
        
        PID:4212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        169⤵
        
        PID:3828
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        169⤵
        
        PID:1984
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        169⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        169⤵
        
        PID:3696
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        170⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        170⤵
        
        PID:2520
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        171⤵
        
        PID:2200
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        171⤵
        
        PID:2792
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        171⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        171⤵
        
        PID:1624
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:2828
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:1816
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:3604
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:2684
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:4968
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        172⤵
        
        PID:4388
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        173⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        173⤵
        
        PID:1576
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        174⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        174⤵
        
        PID:1600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        175⤵
        
        PID:2296
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        175⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        175⤵
        
        PID:2064
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:4856
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:4820
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:2984
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:4472
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:4048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        176⤵
        
        PID:3908
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        177⤵
        
        PID:2268
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        177⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        177⤵
        
        PID:4612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        178⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        178⤵
        
        PID:4392
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        179⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        179⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        180⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        180⤵
        
        PID:984
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        181⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        181⤵
        
        PID:2140
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        182⤵
        
        PID:2840
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        182⤵
        
        PID:5008
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        182⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        182⤵
        
        PID:3932
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        183⤵
        
        PID:3956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        183⤵
        
        PID:4152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        183⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        183⤵
        
        PID:4484
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        184⤵
        Accesses Microsoft Outlook profiles
        Adds Run key to start application
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        184⤵
        
        PID:4168
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        185⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        185⤵
        
        PID:2324
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        186⤵
        
        PID:5104
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        186⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        186⤵
        
        PID:4888
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        187⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        187⤵
        
        PID:404
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:1120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:2156
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:5048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:2804
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:3664
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:4964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:3340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        188⤵
        System Location Discovery: System Language Discovery
        
        PID:4976
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        189⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        189⤵
        
        PID:2308
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        190⤵
        
        PID:1296
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        190⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        190⤵
        
        PID:3628
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        191⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        191⤵
        
        PID:4252
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        192⤵
        
        PID:2456
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        192⤵
        
        PID:5028
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        192⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        192⤵
        
        PID:3560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        193⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        193⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        194⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        194⤵
        
        PID:1700
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        195⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        195⤵
        
        PID:1676
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        196⤵
        
        PID:264
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        196⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        196⤵
        
        PID:2880
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        197⤵
        
        PID:2188
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        197⤵
        
        PID:4832
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        197⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        197⤵
        
        PID:2172
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        198⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        198⤵
        
        PID:1488
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        199⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        199⤵
        
        PID:4120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        
        PID:4956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        
        PID:5116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        
        PID:3400
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        
        PID:2944
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        
        PID:4788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        
        PID:4664
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        
        PID:4516
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        System Location Discovery: System Language Discovery
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        200⤵
        
        PID:2176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        201⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        201⤵
        
        PID:5036
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        202⤵
        
        PID:4424
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        202⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        202⤵
        
        PID:2000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        203⤵
        
        PID:1540
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        203⤵
        
        PID:4268
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        203⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        203⤵
        
        PID:3788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        204⤵
        
        PID:4872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        204⤵
        
        PID:1080
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        204⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        204⤵
        
        PID:2112
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        205⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        205⤵
        
        PID:4676
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        206⤵
        
        PID:2604
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        206⤵
        System Location Discovery: System Language Discovery
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        206⤵
        
        PID:3704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        207⤵
        
        PID:4008
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        207⤵
        
        PID:1840
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        207⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        207⤵
        
        PID:3524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        208⤵
        
        PID:3624
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        208⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        208⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        209⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        209⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        210⤵
        
        PID:604
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        210⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        210⤵
        
        PID:2084
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        211⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        212⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        212⤵
        
        PID:2896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        213⤵
        
        PID:1612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        213⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        213⤵
        
        PID:1536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        214⤵
        
        PID:3908
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        215⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        215⤵
        
        PID:3620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        216⤵
        
        PID:4188
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        216⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        216⤵
        
        PID:3284
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        217⤵
        
        PID:2332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        217⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        217⤵
        
        PID:4744
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        218⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        218⤵
        
        PID:4624
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        219⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        219⤵
        
        PID:4740
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        220⤵
        
        PID:264
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        220⤵
        
        PID:4536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        220⤵
        
        PID:1660
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        220⤵
        
        PID:4804
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        220⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        220⤵
        
        PID:3376
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        221⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        221⤵
        System Location Discovery: System Language Discovery
        
        PID:4548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        222⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        222⤵
        
        PID:4300
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        223⤵
        
        PID:1488
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        223⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        223⤵
        
        PID:4120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        224⤵
        
        PID:4356
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        224⤵
        
        PID:1064
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        224⤵
        
        PID:4720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        224⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        224⤵
        
        PID:4456
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        225⤵
        
        PID:3128
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        225⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        225⤵
        
        PID:3352
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        226⤵
        
        PID:3328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        226⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        226⤵
        
        PID:2548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        227⤵
        
        PID:3984
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        227⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        227⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        228⤵
        
        PID:4320
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        228⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        228⤵
        
        PID:4504
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        229⤵
        
        PID:4992
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        229⤵
        
        PID:1756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        229⤵
        Accesses Microsoft Outlook profiles
        Adds Run key to start application
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        229⤵
        
        PID:3372
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        230⤵
        
        PID:2316
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        230⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        230⤵
        
        PID:3756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        231⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        231⤵
        
        PID:1680
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        232⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        232⤵
        
        PID:4804
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        233⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        233⤵
        
        PID:3928
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        234⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        234⤵
        
        PID:2764
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        235⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        235⤵
        
        PID:2128
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        236⤵
        
        PID:1088
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        236⤵
        
        PID:3076
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        236⤵
        
        PID:4928
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        236⤵
        
        PID:3328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        236⤵
        
        PID:3656
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        236⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        236⤵
        
        PID:3724
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        237⤵
        
        PID:3000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        237⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        237⤵
        
        PID:1984
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        238⤵
        
        PID:3240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        238⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        238⤵
        
        PID:5104
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        239⤵
        System Location Discovery: System Language Discovery
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        239⤵
        
        PID:3520
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        240⤵
        
        PID:4748
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        240⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        240⤵
        System Location Discovery: System Language Discovery
        
        PID:1032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        241⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        241⤵
        
        PID:4788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        242⤵
        
        PID:1332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        242⤵
        
        PID:4772
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        242⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        242⤵
        
        PID:3844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        243⤵
        
        PID:3604
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        243⤵
        
        PID:4444
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        243⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        243⤵
        
        PID:2972
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        244⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        244⤵
        
        PID:4060
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        245⤵
        
        PID:3408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        245⤵
        
        PID:2560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        245⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        245⤵
        
        PID:1400
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        246⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        246⤵
        
        PID:1792
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        247⤵
        
        PID:3416
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        247⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        247⤵
        
        PID:4880
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        248⤵
        
        PID:1864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        248⤵
        
        PID:4276
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        248⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        248⤵
        
        PID:2068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        249⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        249⤵
        
        PID:1748
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        250⤵
        
        PID:2860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        250⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        250⤵
        
        PID:4004
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        251⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        251⤵
        
        PID:4728
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        252⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        252⤵
        
        PID:3700
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        253⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        253⤵
        
        PID:4384
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        254⤵
        
        PID:1584
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        254⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        254⤵
        
        PID:1932
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        255⤵
        
        PID:2176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        255⤵
        
        PID:4136
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        255⤵
        
        PID:3060
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        255⤵
        
        PID:1676
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        255⤵
        
        PID:5020
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        255⤵
        
        PID:2244
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        255⤵
        
        PID:2912
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        255⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        255⤵
        
        PID:3156
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        256⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        256⤵
        
        PID:4436
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        257⤵
        
        PID:2548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        257⤵
        
        PID:404
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        257⤵
        System Location Discovery: System Language Discovery
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        257⤵
        
        PID:2940
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        258⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        258⤵
        
        PID:3064
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        259⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        259⤵
        
        PID:3172
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        260⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        260⤵
        
        PID:1620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        261⤵
        
        PID:4548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        261⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        261⤵
        
        PID:4104
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        262⤵
        
        PID:2240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        262⤵
        
        PID:3860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        262⤵
        
        PID:4208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        262⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        262⤵
        
        PID:3684
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        263⤵
        
        PID:2124
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        263⤵
        
        PID:3544
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        263⤵
        
        PID:3724
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        263⤵
        
        PID:2272
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        263⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        263⤵
        
        PID:688
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        264⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        264⤵
        
        PID:328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        265⤵
        
        PID:2416
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        265⤵
        
        PID:3192
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        265⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        265⤵
        
        PID:1004
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        266⤵
        
        PID:2152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        266⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        266⤵
        
        PID:1160
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        267⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        267⤵
        
        PID:4024
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        268⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        268⤵
        
        PID:2904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        269⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        269⤵
        
        PID:1636
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        270⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        270⤵
        
        PID:2396
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        271⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        271⤵
        
        PID:1260
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        272⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        272⤵
        
        PID:764
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        273⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        273⤵
        
        PID:2912
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        274⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        274⤵
        
        PID:3296
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        275⤵
        
        PID:1588
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        275⤵
        Accesses Microsoft Outlook profiles
        Adds Run key to start application
        outlook_office_path
        outlook_win_path
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        275⤵
        
        PID:1904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        276⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        276⤵
        
        PID:3504
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        277⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        277⤵
        
        PID:656
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        278⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        278⤵
        
        PID:3668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        279⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        279⤵
        
        PID:4228
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        280⤵
        
        PID:3728
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        280⤵
        
        PID:2224
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        280⤵
        
        PID:3416
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        280⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        280⤵
        
        PID:3572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        281⤵
        
        PID:996
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        281⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        281⤵
        
        PID:2720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        282⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        282⤵
        
        PID:4236
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        283⤵
        
        PID:3488
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        283⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        283⤵
        
        PID:4404
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        284⤵
        
        PID:4720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        284⤵
        
        PID:3548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        284⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        284⤵
        
        PID:2496
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        285⤵
        
        PID:3272
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        285⤵
        
        PID:3136
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        285⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        285⤵
        
        PID:3092
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        286⤵
        
        PID:3288
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        286⤵
        
        PID:1932
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        286⤵
        
        PID:3080
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        286⤵
        
        PID:1704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        286⤵
        
        PID:3672
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        286⤵
        
        PID:2308
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        286⤵
        
        PID:4584
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        286⤵
        
        PID:2956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        286⤵
        
        PID:2772
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        286⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        286⤵
        
        PID:872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        287⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        287⤵
        
        PID:3120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        288⤵
        
        PID:3412
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        288⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        288⤵
        
        PID:4376
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        289⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        289⤵
        
        PID:3188
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        290⤵
        
        PID:1540
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        290⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        290⤵
        
        PID:4216
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        291⤵
        
        PID:4800
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        291⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        291⤵
        
        PID:4668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        292⤵
        
        PID:3436
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        292⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        292⤵
        
        PID:3976
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        293⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        293⤵
        
        PID:3808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        294⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        294⤵
        
        PID:3636
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        295⤵
        System Location Discovery: System Language Discovery
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        295⤵
        
        PID:1428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        296⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        296⤵
        
        PID:1008
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        297⤵
        
        PID:3464
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        297⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        297⤵
        
        PID:4244
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        298⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        298⤵
        
        PID:1552
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        299⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        299⤵
        
        PID:3896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        300⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        300⤵
        
        PID:3164
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        301⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        301⤵
        
        PID:4064
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        302⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        302⤵
        
        PID:4032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        303⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        303⤵
        
        PID:1672
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        304⤵
        System Location Discovery: System Language Discovery
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        304⤵
        
        PID:3724
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        305⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        305⤵
        
        PID:3504
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        306⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        306⤵
        
        PID:5092
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        307⤵
        
        PID:2148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        307⤵
        
        PID:3432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        307⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        307⤵
        System Location Discovery: System Language Discovery
        
        PID:1260
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        308⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        308⤵
        
        PID:2256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        309⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        309⤵
        
        PID:3652
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        310⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        310⤵
        
        PID:4784
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        311⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        311⤵
        
        PID:3332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        312⤵
        
        PID:1988
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        312⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        312⤵
        
        PID:2412
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        313⤵
        
        PID:2336
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        313⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        313⤵
        
        PID:1540
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        314⤵
        
        PID:1936
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        314⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        314⤵
        
        PID:2280
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        315⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        315⤵
        
        PID:4668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        316⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        316⤵
        
        PID:3808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        317⤵
        
        PID:1840
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        317⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        317⤵
        
        PID:3620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        318⤵
        
        PID:868
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        318⤵
        
        PID:3256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        318⤵
        
        PID:3608
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        318⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        318⤵
        
        PID:4876
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        319⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        319⤵
        
        PID:3124
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        320⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        320⤵
        
        PID:688
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        321⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        321⤵
        
        PID:3728
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        322⤵
        
        PID:3520
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        322⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        322⤵
        
        PID:1596
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        323⤵
        
        PID:3048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        323⤵
        
        PID:2312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        323⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        323⤵
        
        PID:1704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        324⤵
        
        PID:4504
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        324⤵
        
        PID:4304
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        324⤵
        
        PID:4992
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        324⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        324⤵
        
        PID:4616
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        325⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        325⤵
        
        PID:4488
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        326⤵
        
        PID:2948
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        326⤵
        
        PID:3856
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        326⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        326⤵
        
        PID:1192
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        327⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        327⤵
        
        PID:1616
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        328⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        328⤵
        
        PID:536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        329⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        329⤵
        
        PID:3168
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        330⤵
        
        PID:2484
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        330⤵
        
        PID:2636
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        330⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        330⤵
        
        PID:4208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        331⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        331⤵
        
        PID:860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        332⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        332⤵
        
        PID:4800
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        333⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        333⤵
        
        PID:2236
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        334⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        334⤵
        
        PID:3180
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        335⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        335⤵
        
        PID:3736
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        336⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        336⤵
        
        PID:528
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        337⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        337⤵
        
        PID:5064
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        338⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        338⤵
        
        PID:4368
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        339⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        339⤵
        
        PID:1972
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        340⤵
        
        PID:4296
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        340⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        340⤵
        
        PID:2172
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        341⤵
        
        PID:2364
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        341⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        341⤵
        
        PID:2052
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        342⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        342⤵
        
        PID:2152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        343⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        343⤵
        
        PID:2812
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        344⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        344⤵
        
        PID:2664
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        345⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        345⤵
        
        PID:1608
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        346⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        346⤵
        
        PID:3068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        347⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        347⤵
        
        PID:2332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        348⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        348⤵
        
        PID:4388
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        349⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        349⤵
        
        PID:3712
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        350⤵
        
        PID:3596
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        350⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        350⤵
        
        PID:688
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        351⤵
        
        PID:4568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        351⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        351⤵
        
        PID:2640
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        352⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        352⤵
        
        PID:984
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        353⤵
        
        PID:4528
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        353⤵
        
        PID:2560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        353⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        353⤵
        
        PID:1692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        354⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        354⤵
        
        PID:2892
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        355⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        355⤵
        
        PID:2728
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        356⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        356⤵
        
        PID:4632
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        357⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        357⤵
        
        PID:3936
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        358⤵
        
        PID:2840
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        358⤵
        
        PID:5016
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        358⤵
        
        PID:760
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        358⤵
        
        PID:2260
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        358⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        358⤵
        
        PID:3764
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        359⤵
        
        PID:3120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        359⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        359⤵
        
        PID:3080
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        360⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        360⤵
        
        PID:264
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        361⤵
        
        PID:3044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        361⤵
        
        PID:4368
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        361⤵
        
        PID:3592
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        361⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        361⤵
        
        PID:4924
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        362⤵
        
        PID:4524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        362⤵
        
        PID:2960
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        362⤵
        
        PID:4708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        362⤵
        
        PID:908
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        362⤵
        
        PID:4776
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        362⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        362⤵
        
        PID:4908
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        363⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        363⤵
        
        PID:3584
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        364⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        364⤵
        
        PID:1644
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        365⤵
        
        PID:3532
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        365⤵
        
        PID:1120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        365⤵
        
        PID:1792
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        365⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        365⤵
        
        PID:2612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        366⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        366⤵
        
        PID:548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        367⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e55fedd6c22acd3a7f5952c827f1dd3c_JaffaCakes118.exe"
        367⤵
        
        PID:4316
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        368⤵
        
        PID:3800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\MicroApp\MicroApp.exe

Filesize
63KB

MD5
b58b926c3574d28d5b7fdd2ca3ec30d5

SHA1
d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

SHA256
6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

SHA512
b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

Download Submit
memory/788-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/788-7-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/788-9-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2084-0-0x000000007431E000-0x000000007431F000-memory.dmp

Filesize
4KB

Download
memory/2084-1-0x0000000000A50000-0x0000000000BA4000-memory.dmp

Filesize
1.3MB

Download
memory/2084-2-0x00000000042A0000-0x000000000430E000-memory.dmp

Filesize
440KB

Download
memory/2084-3-0x0000000074310000-0x00000000749FE000-memory.dmp

Filesize
6.9MB

Download
memory/2084-4-0x00000000008E0000-0x0000000000938000-memory.dmp

Filesize
352KB

Download
memory/2084-10-0x0000000074310000-0x00000000749FE000-memory.dmp

Filesize
6.9MB

Download
memory/2084-14-0x0000000074310000-0x00000000749FE000-memory.dmp

Filesize
6.9MB

Download
memory/2876-157-0x0000000000840000-0x000000000084A000-memory.dmp

Filesize
40KB

Download