Malware Analysis Report

2024-10-19 10:43

Sample ID: 241011-f8c2qashjr
Target: 33755784b9128aabea98a2d4f0bebb86_JaffaCakes118
SHA256: 05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a
Tags: upx xorist discovery persistence ransomware spyware stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

05d0be6bbf2ce6d8b29a257629e071836290cf2a83e16641cf08ba5378317f9a

Threat Level: Known bad

The file 33755784b9128aabea98a2d4f0bebb86_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist Ransomware

Xorist family

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

UPX packed file

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-11 05:32

Signatures

Detected Xorist Ransomware


Xorist family

xorist

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-11 05:32

Reported

2024-10-11 05:34

Platform

win7-20241010-en

Max time kernel

100s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mB3Tew2BDFbEH1s.exe" C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Net.22cc68a8#\d6af9b93ec347c84ed702eb0e824f218\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-r..ienttools.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4d5cdc7ece584a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-gdi32_31bf3856ad364e35_6.1.7601.17514_none_c1f959bd9451d7a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-n..idgenetsh.resources_31bf3856ad364e35_6.1.7600.16385_it-it_af7c45fb3af0e8ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_smartcrd.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_55546733ef5647df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_microsoft.vsa.vb.codedomprocessor_b03f5f7f11d50a3a_6.1.7600.16385_none_19034b5baee4e923\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..ermodepnp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_eb5ec32f73606acf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-28592_31bf3856ad364e35_6.1.7600.16385_none_5569e4a945590861\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_de-de_bcae5270428aeb14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_a370be9aa0513adf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_ko-kr_90aaf546884659bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_8.0.7600.16385_de-de_f143e898c6a82cb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_net1qx64.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_9741bc4d255f06bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-c..rdefaults.resources_31bf3856ad364e35_6.1.7600.16385_de-de_080a9b1ecddb2b6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-acproxy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d3779478057f3fce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.s..rt_driver.resources_31bf3856ad364e35_6.1.7600.16385_de-de_040354651b707cc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..andgroups.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b5f86a77f3ebc892\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration.resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..ional-codepage-1141_31bf3856ad364e35_6.1.7600.16385_none_7d9e4fef2446d24e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sstext3d.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e52dc464fc8f40ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-mystify.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7c8fa5a9054c2f41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_30c0365027dd4aaa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4fd161061134e728\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..rity-ntlm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0a6e2760c0b4b30d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d3391b84138f461f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-tcpip-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_32c83d2a27a41a20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..s-service.resources_31bf3856ad364e35_6.1.7600.16385_en-us_676207815c08e334\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_vsmraid.inf_31bf3856ad364e35_6.1.7600.16385_none_505ceec7b425f388\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.web.dynamicdata.design.resources_31bf3856ad364e35_6.1.7600.16385_de-de_90d056b07c64c2b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..lorer-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4c1260d68834de6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_6.1.7601.17514_none_4e7fa5bfc379eecd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..ibinaries.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_81816f6d8ca15354\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netl160a.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7bf16b713774351e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sud.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f804fc3ab9b02239\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b56f3a1a1dd48572\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-gameexplorer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6a65a32788e2b710\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\Help\Help\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-858_31bf3856ad364e35_6.1.7600.16385_none_2adc7826b4e37422\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-o..lfeatures.resources_31bf3856ad364e35_6.1.7600.16385_it-it_1b418a5ef53dfa44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ac-sql-cliconfg-dll_31bf3856ad364e35_6.1.7600.16385_none_6a55ae27bba9eda7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_en-us_234809c32cf5e8cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_mdmbtmdm.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_af17a416dc74fd47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mB3Tew2BDFbEH1s.exe" C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell\open\command C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell\open C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "MQISXQQKMIDJKVK" C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\DefaultIcon C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mB3Tew2BDFbEH1s.exe,0" C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe"

Network

N/A

Files


C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 45f35ddbedac15a2a3a7849543dd9f65
SHA1 82f11f58c6ec43a262383fcb91347c5dc48d50dc
SHA256 d3180592af35bcf9c70c24e6f1b11784c4a209167e38261b27f01a9ad36db5c6
SHA512 c574be496143d89d41704fa3334a095a46d2270df68ca6213262ed66313fa620895f60461f156412be0c225da7e17b9d0fd4d34255c90bfc2441264da89d6612


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-11 05:32

Reported

2024-10-11 05:34

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware


Xorist Ransomware

ransomware xorist

Drops file in Drivers directory


Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mB3Tew2BDFbEH1s.exe" C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A

Drops file in System32 directory


UPX packed file

upx

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell\open C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "MQISXQQKMIDJKVK" C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\DefaultIcon C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell\open\command C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mB3Tew2BDFbEH1s.exe" C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MQISXQQKMIDJKVK\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mB3Tew2BDFbEH1s.exe,0" C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\33755784b9128aabea98a2d4f0bebb86_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

memory/4748-0-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 45f35ddbedac15a2a3a7849543dd9f65
SHA1 82f11f58c6ec43a262383fcb91347c5dc48d50dc
SHA256 d3180592af35bcf9c70c24e6f1b11784c4a209167e38261b27f01a9ad36db5c6
SHA512 c574be496143d89d41704fa3334a095a46d2270df68ca6213262ed66313fa620895f60461f156412be0c225da7e17b9d0fd4d34255c90bfc2441264da89d6612
