Malware Analysis Report

2025-01-18 20:39

Sample ID 241213-tty8astpes
Target ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118
SHA256 65fc86c4ce308b644af6121a6c505ebff7c7532770cd46f9cd9bd8fb391bfd51
Tags
xorist discovery persistence ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

65fc86c4ce308b644af6121a6c505ebff7c7532770cd46f9cd9bd8fb391bfd51

Threat Level: Known bad

The file ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xorist discovery persistence ransomware spyware stealer

Detected Xorist Ransomware

Xorist family

Drops file in Drivers directory

Reads user/profile data of web browsers

Drops startup file

Adds Run key to start application

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-13 16:21

Signatures

Detected Xorist Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Xorist family

xorist

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-13 16:21

Reported

2024-12-13 16:24

Platform

win7-20240708-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0Da3N2xFp6Xv267.exe" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Drops file in System32 directory

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jloaddgilloaadfi.bmp" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Drops file in Program Files directory

Drops file in Windows directory

File created C:\Windows\winsxs\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_a6fad1d3f5b2f99e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ntfs.resources_31bf3856ad364e35_6.1.7600.16385_en-us_40a72e2477e646bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6a776e2d9017e651\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..smcnative.resources_31bf3856ad364e35_6.1.7600.16385_en-us_912e40bbd6ff2a08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a4d549a5b0a13e77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4d4c460d5327b1f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-jet-ji32.resources_31bf3856ad364e35_6.1.7600.16385_en-us_546aa6ff82be143e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_6.1.7600.16385_es-es_25b6a9ab388a09ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-i..cyscripts.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a2f2b00be16607c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mydocs.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_c7be3b23289de62f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-s..framework.resources_31bf3856ad364e35_6.1.7600.16385_en-us_47a7e66e1fa4bb1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-v..re-codecs.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_860ada97f71e496c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-scripting.resources_31bf3856ad364e35_6.1.7600.16385_it-it_17adc05c82f22992\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_ehstorpwddrv.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_b56a91c5867bed1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-icm-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_29821f18f334f732\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_prnrc006.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9045389da781d260\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_85bfe66ff35583fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_43be31b1243492e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-v..eocontrol.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1e4cbc67ccce19ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-wab-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0c185df0b16438eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-a..ore-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_eb3ee165f49968b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_f04371ec21c4626e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_system.data.services.resources_b77a5c561934e089_6.1.7601.17514_ja-jp_979849783af93a71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e89908d79afacf17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_netfx-mscordbc_dll_b03f5f7f11d50a3a_6.1.7601.17514_none_414c2fe8825bd6cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_75107e8ff0ade521\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\msil_policy.6.0.microsoft.mediacenter.ui_31bf3856ad364e35_6.1.7600.16385_none_a7bcb998fb9801a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_de-de_31768b4153e628b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-w..oradapter.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bf9af86f3ce6a687\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.1.7600.16385_none_0f472a3521bdcfd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv14259fd9#\a0401c16e342af1d26406c93706acb15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_3c1b29463bcb5626\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f4c280f4fcec33c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-t..k-msctfui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_151b6ff191ba8508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-robocopy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b4a1152b51c216d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Iden1fe87377#\2a8d6efe5a99d9e6b03587df841c2087\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\amd64_flpydisk.inf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6fc48f291b96237b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.hYcsG\ = "NBLIWDNCXHILJFV" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0Da3N2xFp6Xv267.exe,0" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\shell\open\command C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\shell C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.hYcsG C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\shell\open C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0Da3N2xFp6Xv267.exe" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 cc34d0b040f41bc538903ad351ea6e66
SHA1 47ddae9973f9ffebf5320d86189f8bb24e38ede7
SHA256 9bf248d49b9ddd35307457af659c1d9e42e9d926accbb93f9dd02ec14349bfbb
SHA512 bbe66e13232b1905edf22deb14c8ea824fca45d49c75882a54f8798b68644505614af7bab29b0f6b27424e6acc218fd50fc4af836f1fee4d93ef41f0235776ed

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-13 16:21

Reported

2024-12-13 16:24

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0Da3N2xFp6Xv267.exe" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hkkmppbeggjmooll.bmp" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Drops file in Program Files directory


Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.hYcsG\ = "NBLIWDNCXHILJFV" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0Da3N2xFp6Xv267.exe,0" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\shell\open C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.hYcsG C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\DefaultIcon C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\shell\open\command C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\shell C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0Da3N2xFp6Xv267.exe" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NBLIWDNCXHILJFV\ = "CRYPTED!" C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\ec5ca5e4aafd66caa4a4c5458b765cf2_JaffaCakes118.exe"

Network


Files

C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

MD5 cc34d0b040f41bc538903ad351ea6e66
SHA1 47ddae9973f9ffebf5320d86189f8bb24e38ede7
SHA256 9bf248d49b9ddd35307457af659c1d9e42e9d926accbb93f9dd02ec14349bfbb
SHA512 bbe66e13232b1905edf22deb14c8ea824fca45d49c75882a54f8798b68644505614af7bab29b0f6b27424e6acc218fd50fc4af836f1fee4d93ef41f0235776ed