Malware Analysis Report

2025-01-02 02:41

Sample ID 240719-dlfszstakh
Target 5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118
SHA256 37dfe9c15f6036e198aedbada51b8866e8fdaba7c6a4f7b750df196fc806aa87
Tags
xtremerat persistence rat spyware
score
10/10

Analysis Overview

score
10/10

SHA256

37dfe9c15f6036e198aedbada51b8866e8fdaba7c6a4f7b750df196fc806aa87

Threat Level: Known bad

The file 5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware

Xtremerat family

Detect XtremeRAT payload

XtremeRAT

Boot or Logon Autostart Execution: Active Setup

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Drops file in System32 directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-19 03:05

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

Xtremerat family

xtremerat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-19 03:05

Reported

2024-07-19 03:08

Platform

win7-20240704-en

Max time kernel

150s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe restart" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4} C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4}\StubPath = "C:\\Windows\\system32\\InstallDir\\scorpi.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4} C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4} C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4}\StubPath = "C:\\Windows\\system32\\InstallDir\\scorpi.exe restart" C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\scorpi.exe" C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\scorpi.exe" C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\scorpi.exe" C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\scorpi.exe" C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\scorpi.exe" C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\scorpi.exe" C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
File created C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
File created C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 708 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 708 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 708 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 708 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 708 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 708 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 708 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 708 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 708 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Windows\SysWOW64\InstallDir\scorpi.exe
PID 2792 wrote to memory of 3004 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2792 wrote to memory of 2760 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2792 wrote to memory of 2804 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2792 wrote to memory of 776 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2792 wrote to memory of 2948 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

\Windows\SysWOW64\InstallDir\scorpi.exe

MD5 5a3959b9da3a18ca08896cee8c7f04c1
SHA1 7f49a364b3f8383374fe95cc63e7d26a3004571a
SHA256 37dfe9c15f6036e198aedbada51b8866e8fdaba7c6a4f7b750df196fc806aa87
SHA512 a935001682762f28be76899e2d295a7575df447e475fd4cc7abfc36872b24770207d5cc9861f8338db9add4bd9cbad01d6f8ebfe221716fe58f9938285ec6de8

memory/708-8-0x0000000000C80000-0x0000000000C93000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\wRVkJyC.cfg

MD5 a719710f9b1ecdd462c74b0196f4537c
SHA1 989607515a2067bc7dd1279921da04f9888c4d4c
SHA256 f6386c6574674951407d288132480c5c283e643f670b9bfcf52aa7e6441963c0
SHA512 7430900831118ba315b5ef2d24ebef8a16cb78242c5fd402c43551267e1a7ff4b1c592dc92d723c950032c9ee04059385419838221b342457ec2d379b7b231ee

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-19 03:05

Reported

2024-07-19 03:08

Platform

win10v2004-20240709-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4} C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe restart" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4} C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4}\StubPath = "C:\\Windows\\system32\\InstallDir\\scorpi.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4}\StubPath = "C:\\Windows\\system32\\InstallDir\\scorpi.exe restart" C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{JLA4YJ1O-2BN0-333Y-T36F-T41LPU1L7QA4} C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\scorpi.exe" C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\scorpi.exe" C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\scorpi.exe" C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\scorpi.exe" C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\scorpi.exe" C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Windows\SysWOW64\InstallDir\scorpi.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4844 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 116 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 4332 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 4696 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe C:\Windows\SysWOW64\InstallDir\scorpi.exe
PID 4452 wrote to memory of 1512 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 740 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 3152 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 1988 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 3608 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 4760 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 1960 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 4440 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4452 wrote to memory of 1836 N/A C:\Windows\SysWOW64\InstallDir\scorpi.exe C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe
PID 1836 wrote to memory of 756 N/A C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1836 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1836 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1836 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5a3959b9da3a18ca08896cee8c7f04c1_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\scorpi.exe

"C:\Windows\system32\InstallDir\scorpi.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\scorpi.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

C:\Windows\SysWOW64\InstallDir\scorpi.exe

MD5 5a3959b9da3a18ca08896cee8c7f04c1
SHA1 7f49a364b3f8383374fe95cc63e7d26a3004571a
SHA256 37dfe9c15f6036e198aedbada51b8866e8fdaba7c6a4f7b750df196fc806aa87
SHA512 a935001682762f28be76899e2d295a7575df447e475fd4cc7abfc36872b24770207d5cc9861f8338db9add4bd9cbad01d6f8ebfe221716fe58f9938285ec6de8

memory/4844-9-0x0000000000C80000-0x0000000000C93000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\wRVkJyC.cfg

MD5 a719710f9b1ecdd462c74b0196f4537c
SHA1 989607515a2067bc7dd1279921da04f9888c4d4c
SHA256 f6386c6574674951407d288132480c5c283e643f670b9bfcf52aa7e6441963c0
SHA512 7430900831118ba315b5ef2d24ebef8a16cb78242c5fd402c43551267e1a7ff4b1c592dc92d723c950032c9ee04059385419838221b342457ec2d379b7b231ee
