Malware Analysis Report

2025-03-15 08:18

Sample ID 241016-halmba1gqk
Target 4bc47294a5d7f790900cedb1abba6688_JaffaCakes118
SHA256 592b79997bcf90f34659af497ca305e2339422fbdde10988feaf4abc8edde321
Tags discovery ransomware spyware stealer
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 4bc47294a5d7f790900cedb1abba6688_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware spyware stealer

Renames multiple (105) files with added filename extension

Renames multiple (439) files with added filename extension

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 06:32

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 06:32

Reported

2024-10-16 06:34

Platform

win7-20240708-en

Max time kernel

119s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe"

Signatures

Renames multiple (439) files with added filename extension

ransomware

Drops file in Drivers directory

Drops startup file

Description | Indicator | Process | Target
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÄÅØÈÔÐÀÒÎÐ.txt | C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Sets desktop wallpaper using registry

ransomware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cffbeehjjmpbbegg.bmp" | C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe | N/A

Drops file in Program Files directory

Drops file in Windows directory

File opened for modification C:\Windows\winsxs\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_9ff90c68df2532f0\license.rtf C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..vdsupport.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4655edb758a0a7f9\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-e..ntication.resources_31bf3856ad364e35_6.1.7600.16385_de-de_aa4ed76aed194472\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d8b718c3aa574b8e\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ehome-itvres.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a4a6fe0fdff83a23\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ssmanager.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0e35d57f14f38d05\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.web.dynamicdata.design.resources_31bf3856ad364e35_6.1.7601.17514_it-it_c89d099b325c3f99\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_de-de_6252687e84367fb4\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-m..ents-mdac-rds-isapi_31bf3856ad364e35_6.1.7601.17514_none_ce7c6ea90d6c478a\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..subsystem.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4aab526590e1172b\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..entsnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d3d085cab69943cd\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..g-jscript.resources_31bf3856ad364e35_8.0.7600.16385_es-es_6e52859a5ee6e1a9\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..ntservice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0ed9b0b44700e5cb\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..packerror.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d2bceb74be03d267\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-van_31bf3856ad364e35_6.1.7601.17514_none_0a400a7b6fab2d66\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_wstorflt.inf_31bf3856ad364e35_6.1.7601.17514_none_1eb9f40a2eecbab3\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_it-it_020311c19a38c0a8\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-n..tcmdtools.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39253479d90b771a\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-setupcl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f60f2fdd00cfdcbd\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wlanutil.resources_31bf3856ad364e35_6.1.7600.16385_de-de_16ff80e9dba5fb3b\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Printing\8a2376658a24628765d359a0fafb3339\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dacce684029df516\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..show-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_37989fb821afc047\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_6.1.7601.17514_es-es_5a7985085aa15ed9\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.16428_none_4c9247ac83e5583f\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-s..center-controlpanel_31bf3856ad364e35_6.1.7600.16385_none_adc9008b51d6fead\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-wia-automation_31bf3856ad364e35_6.1.7600.16385_none_0548aa042531f668\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-branding-base-ultimate_31bf3856ad364e35_6.1.7600.16385_none_979c1f2fd8e3b95a\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-help-vidclip.resources_31bf3856ad364e35_6.1.7600.16385_it-it_a2fe5eabc6e2ae94\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-x..achviewer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e12a791507841aeb\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_11.2.9600.16428_en-us_2a3830769e345a05\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
File created C:\Windows\inf\ASP.NET\0007\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.miK\ = "AXSHKKRBYUMEUBW" C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\shell\open\command C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\shell\open C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\38B34E1b57Lo240.exe" C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.miK C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\38B34E1b57Lo240.exe,0" C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\shell C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÄÅØÈÔÐÀÒÎÐ.txt

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

C:\Users\Admin\Desktop\DisconnectGet.xlsx

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 06:32

Reported

2024-10-16 06:34

Platform

win10v2004-20241007-en

Max time kernel

138s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe"

Signatures

Renames multiple (105) files with added filename extension

ransomware

Drops file in Drivers directory

Description Indicator Process Target

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÄÅØÈÔÐÀÒÎÐ.txt C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dgjllobbdggillaa.bmp" C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\DefaultIcon C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\shell C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.miK C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\shell\open C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\38B34E1b57Lo240.exe" C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.miK\ = "AXSHKKRBYUMEUBW" C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\38B34E1b57Lo240.exe,0" C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AXSHKKRBYUMEUBW\shell\open\command C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4bc47294a5d7f790900cedb1abba6688_JaffaCakes118.exe"

Network

Country Destination Domain Proto

Files
