Malware Analysis Report

2025-08-05 14:55

Sample ID 250704-xa3cdsxqv3
Target JaffaCakes118_1c7c823802cafdb7b2af675db978ec20
SHA256 4042d48fbecf63ed94a827b3737349bcc64bd335dff2771cdc80d44a19779f45
Tags
discovery spyware stealer
score
7/10

Analysis Overview

score
7/10

SHA256

4042d48fbecf63ed94a827b3737349bcc64bd335dff2771cdc80d44a19779f45

Threat Level: Shows suspicious behavior

The file JaffaCakes118_1c7c823802cafdb7b2af675db978ec20 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-04 18:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-04 18:39

Reported

2025-07-04 18:42

Platform

win10v2004-20250502-en

Max time kernel

140s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_10.0.19041.746_none_dbe4ac1121d6e6d7\f\CertEnrollCtrl.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\r\AppVDllSurrogate.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1_none_63e4d70575e86068\unregmp2.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.19041.264_none_b435e08254cda322\printui.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_netfx-ieexec_b03f5f7f11d50a3a_10.0.19041.1_none_6a5de40c0a30489e\IEExec.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.546_none_f827f008f8832bd5\f\rasautou.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-d..ommandline-adamsync_31bf3856ad364e35_10.0.19041.1081_none_6700b2d2d3c0055f\f\adamsync.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.1_none_4247919c34819e8e\pcaui.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1_none_80e38b0746f5a926\wmprph.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.19041.1110_none_0565d41cd46ec20a\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..ces-workspacebroker_31bf3856ad364e35_10.0.19041.1151_none_0412565dd5f26733\wkspbroker.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1_none_6331d348ae4a8fa9\poqexec.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-ux-dlg_31bf3856ad364e35_10.0.19041.1_none_544850fb795d0a4f\changepk.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-dispdiag_31bf3856ad364e35_10.0.19041.1_none_fad576d8cf74b38a\dispdiag.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.19041.1_none_b6a6a2ae8b1ec7b0\vfpctrl.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.264_none_4de8bd849baaa96f\WerFaultSecure.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sethc_31bf3856ad364e35_10.0.19041.746_none_40b989c5d3ea9316\r\EaseOfAccessDialog.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.19041.1081_none_e836fc4ed2e2ecc1\f\SpeechModelDownload.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5500d10e49b43346\r\ByteCodeGenerator.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.207_none_4054ef70f69f6ff9\r\wpr.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp

Files

memory/1692-0-0x0000000000400000-0x00000000004C7000-memory.dmp

memory/1692-2-0x00000000004A8000-0x00000000004A9000-memory.dmp

memory/1692-3-0x0000000000400000-0x00000000004C7000-memory.dmp

memory/1692-4-0x0000000000400000-0x00000000004C7000-memory.dmp

memory/1692-5-0x0000000000400000-0x00000000004C7000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-07-04 18:39

Reported

2025-07-04 18:42

Platform

win11-20250619-en

Max time kernel

140s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1c7c823802cafdb7b2af675db978ec20.exe"

Network

Files

memory/1052-0-0x0000000000400000-0x00000000004C7000-memory.dmp

memory/1052-2-0x00000000004A8000-0x00000000004A9000-memory.dmp

memory/1052-3-0x0000000000400000-0x00000000004C7000-memory.dmp

memory/1052-4-0x0000000000400000-0x00000000004C7000-memory.dmp

memory/1052-6-0x0000000000400000-0x00000000004C7000-memory.dmp