Malware Analysis Report

2025-01-18 20:39

Sample ID 241207-rq4mhazpdl
Target d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118
SHA256 f311f5ec360c4a5fd2aeec5ce729ce2d71c28f448adf0795b1f36e6164a91221
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

f311f5ec360c4a5fd2aeec5ce729ce2d71c28f448adf0795b1f36e6164a91221

Threat Level: Known bad

The file d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Xorist Ransomware

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-07 14:24

Signatures

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-07 14:24

Reported

2024-12-07 14:27

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe"

Network

Files

memory/3944-0-0x0000000000400000-0x000000000040D000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-07 14:24

Reported

2024-12-07 14:27

Platform

win7-20240903-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe"

Signatures

Detected Xorist Ransomware

Xorist Ransomware

ransomware xorist

Xorist family

xorist

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y69jv6Sm7xEn6f8.exe" C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZZLVFAVRJBHAAIB\shell C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZZLVFAVRJBHAAIB\shell\open C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.@Crypted@ C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.@Crypted@\ = "ZZLVFAVRJBHAAIB" C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZZLVFAVRJBHAAIB\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZZLVFAVRJBHAAIB\shell\open\command C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZZLVFAVRJBHAAIB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y69jv6Sm7xEn6f8.exe" C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZZLVFAVRJBHAAIB C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ZZLVFAVRJBHAAIB\DefaultIcon C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ZZLVFAVRJBHAAIB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y69jv6Sm7xEn6f8.exe,0" C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\d2e8f95304dbb187fc3fade51fd519bc_JaffaCakes118.exe"

Network

N/A

Files

memory/2420-0-0x0000000000400000-0x000000000040D000-memory.dmp

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 c9101bab501ed5b176abfce24f7d41c0
SHA1 21007ef56c5010253c8d263a5c69094b622bb00d
SHA256 d3242cbd0ff9003c6bc53f23f69d263f20d66a819fa5839f7dcb22024459726c
SHA512 a0cb96705547c3cce8379660a48bae4911ce561860b503025a851688c0cf5085ac53c569e456b39bc7469e05782d1be95dcddc4e2c05e436de9c34887dd2f4db

memory/2420-4775-0x0000000000400000-0x000000000040D000-memory.dmp

memory/2420-4776-0x0000000000400000-0x000000000040D000-memory.dmp

memory/2420-4778-0x0000000000400000-0x000000000040D000-memory.dmp