Analysis Overview
SHA256
3a282932054de2fdecc1d69633e359f673994fd5677f30972605617fdaa773fc
Threat Level: Likely malicious
The file tif.exe was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Modifies Windows Firewall
Reads user/profile data of web browsers
Modifies file permissions
Checks computer location settings
Adds Run key to start application
Drops file in System32 directory
Drops autorun.inf file
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Views/modifies file attributes
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Gathers network information
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-04 23:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-04 23:53
Reported
2024-03-04 23:58
Platform
win10v2004-20240226-en
Max time kernel
63s
Max time network
278s
Command Line
Signatures
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\tif.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Twain_20 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Twain_20.cmd" | C:\Windows\system32\reg.exe | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Enumerates physical storage devices
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\tif.exe
"C:\Users\Admin\AppData\Local\Temp\tif.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KILLWINDOWS.bat" "
C:\Windows\system32\cmd.exe
cmd /k "ADZP 20 Complex.cmd"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\notepad.exe
notepad
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "ADZP 20 Complex.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32" /reset /t /c /q
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows" /r
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32" /reset /t /c /q
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows" /r
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\KILLWINDOWS.bat
| MD5 | ca0a4613c49cc1b6b7d492d69eadd4a0 |
| SHA1 | 6291ddbcedab6e1bfb91e218fbf8edafe6c72e4f |
| SHA256 | 36081158d4dd673ae2639d7933928300cd33c20df91c598a8de58a9fd9a9f6fb |
| SHA512 | 516d63d40a0ad9517d3a8101e4cd00f16a2c1504ed04d101f46a3f497595eb94d11e6900816a021595c2c56403436045ea0ac2e1dfa47d583695dd38f2677658 |
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.cmd
| MD5 | 591700c81fbd38cf8c83092030536c14 |
| SHA1 | a122ca4b91ec2275400e10f21093c43186391c97 |
| SHA256 | 29415d32850d821d9854bfd6edabee920052e0920e6eceec187ea57b8a3c707e |
| SHA512 | ae3e1ffef5a82016f13fe728a8a3f2696ed55cdd9ea60d6e75352d55f95fe71cb09bad02945601d4661818473882cc4fae4493d9125e3803054e69c861a97758 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 72946942abf5cf295f726b816c531ebf |
| SHA1 | 8ac5ccae8003c3776c2e0ee0959a76c8bc913495 |
| SHA256 | d9fc0446467e00e640f0dd0bf36882943a6993dcc1038ba8f73239152896eb25 |
| SHA512 | 2f42b10e2c1359a690e1a69e307008e3beb4712e4c071d916fb1380c61cb2ed3ae48c86af44c6f1c9d613e85dd75d8cfd66fd01de0649444ee6d5193d9789d23 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 0c998e3681eb9f67fbacda38281c5fa7 |
| SHA1 | bd3e89780f374c54c5dfbe3fab83a926ca5803de |
| SHA256 | 3c656f47268598c5bbe3ee4661b4f8c7dc09420cf393a6e417541db3c6020205 |
| SHA512 | 11e3fd1d141bd23a2b0f17665f0f57e5a606fdd82555a7bd88cd533863ce4269d8395f8963d1cdfde93efbb0817486db48c3b593f8de35e150e2395daadb762e |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 11aa52a7eca2cf8fdcd1584b5a8b6026 |
| SHA1 | 01ae6066e6b3879cb0caf306cc91077b7c0bea1e |
| SHA256 | 8dfd0a6db2df60455840dbbbcc4f8b70d730ba1c2afbf300316898b3dd3e9b11 |
| SHA512 | 07f37c050eb59e7a1a228ca851d05ca9b62bb3de97f988fb36c374c827833c8c551e5cb51eb05130861c0b35515ca77ae667ca97ee4f08c86cdf9f6fb64533c5 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 888e64c554686bbbc0499057cce1af36 |
| SHA1 | 5a7f51c66e3ae7dd0e0231c9817aee8c9fc54006 |
| SHA256 | 616cf19739e00c69e9606d9c94869f6fcb6a7b3860e7b8af9bc896f3081dad0d |
| SHA512 | 9882375fdd09d489258447d49b8b63d0bc8db57cdb7186500c00c79d57f30af5f37a69e8fab70683a7c9d730e3484ef537ee57bb1892a84f92e9aba639d1d227 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 12c47a0c2fe7469a489e3bee6634eac6 |
| SHA1 | 20066d81328cf2c14a53b953e9d3dca8d855457c |
| SHA256 | bcaf03ad184ba961b396c94d02f40f8ab08f70ebcceeeba2eee23c3b077c4942 |
| SHA512 | 2f44d3ecebb5d0ae67f06a92cd5bb22fd9c4c93a69938f0f8f7e5490525d6a79920e137732941077d9eada5fc2976e6c7a63eee5bbe55dc228fd083ae15d6187 |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | cfb046d3c9513b92c1b287da26f97c28 |
| SHA1 | ea8208c4dad826b7fdb3b5b728863a95e86d4383 |
| SHA256 | a06f170d4f92bf290e38b0ce1c05bb59c95de2797b1a5253b949ad7e1be9818b |
| SHA512 | dbeeea4d284f59e1455a5426334caa02458e88833aeece9817c51be616697ca4c399b2a9d0e8e44bf4a5ee63d0b37c0aed68c01f1748fa5a23ed6d2af62b3340 |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | b39df423c6e5978065a9a8ec4879a3b4 |
| SHA1 | 96441a7a7d8090f7a96a1160f539531f66568e88 |
| SHA256 | 12a5135510016abcfe1192aceb6fec42634346661d778d68be1debaa3d75e967 |
| SHA512 | 2d583fcae1ec73f836c5b66b8b1337bb4250a8230073de96d501a4fab5f522b75599ac2a1fcf1457a841d8c84bcccb88feade82f49357b28345c63d9526cfeb4 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 4e71aaa85b945ab5dc2680ce12d8474f |
| SHA1 | a00ff196706e8282b02187281a7fa71f20c59eba |
| SHA256 | 411d8fc3a482880ec2b56a7193a4104130ca9554f1feb96db27c59a2b61303a5 |
| SHA512 | cea3cdb3eb537454ccf9773c80c111d8172dace2c79c62ffe18ac7c4373669d055fd9cc4929f9b6f4f376507a1319e37b0ba26373e40f4332d1acb025792b430 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 63e9c7024fc8c4d80e763cef1de073cf |
| SHA1 | 0c82525bae80e847e7771c1039f1d59c2e08a46c |
| SHA256 | 869330e6c91fb6418a2c366364775a08869b6ecede6ad4c962d29280d8ca8b54 |
| SHA512 | 060a51f8873382e5d9173a926cf112357976b0e22b5a4abfb97a02da92fe5e2bd4ff7cec329678e0ec37e00f76d3be5f1ee9c663abde02f8262a9acc1452e9c8 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 750422a132a5750f0d826c0d21ba255c |
| SHA1 | dcc5b4873a0f5c17fde8e5e8c3cbb908acf3c4b3 |
| SHA256 | 67ab735daf7fada15a25187d6050fda3ab293607a221fdee0c2b53649aac9af7 |
| SHA512 | 6faa5e9ae94a27693c603c1b42f247a245b2bfa7a739f89dad45731a3d1b7f23dbca454d4af24302bacc410f4a03ccb82a341127009b4b8cdc912f3760c6f62a |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | 05a4d4594b598cfe885bf862787b8cde |
| SHA1 | dfb26e156e88af25bd00db0bc788b81c521a4db9 |
| SHA256 | fd8427db8c0c5ad2c7a8fc36c18f9400e25bdd7dfd1d267ec11a7a94bdbd1cab |
| SHA512 | ac1f87eabd69e1939f463c8710cdd1ba8a886ad6509d26d0fac4e09ab82056cf952b7a0cf2ecb55bb0549fdb0aff6457133eeb6b7b222df58f773f91df101136 |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 11c5434a274306a4856aa3a5c7507bd1 |
| SHA1 | 8dc3a4bc0bd7d730574f782ee63e4281860c48a3 |
| SHA256 | 3e1ac49d0de8771c7a45c5b38f10f795f8acb1efc652563aba8e74529fe103a2 |
| SHA512 | b11131aeb92b2928b05becd6c9259b22e3ccbe2d7ec136b135c8c47d8613593332ca02849c9afe5de2fab407ae55cf12298492fa16617c74c2b7fee9df3e43ad |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | d3715d7f77349116a701484780269375 |
| SHA1 | 589c48410637ac33431569b867070a51c4de5b1c |
| SHA256 | ea0bdd86d283aba33d619aeecb5087ad9132b58e8ae7121e3c3774504abb976a |
| SHA512 | 9526a79ac4f9a18104f8e84d684136eef9b6bbccfe772d1d1030d9be02de2f7221cdee248ec748971551a42ed1d8fb1c8a9d820b837164f68376cdee1dc8ff3a |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | b2206e980c51067d6e9dd7575d842bdc |
| SHA1 | 5aa6f76eee9efd569089be7f363e30ebf0531a22 |
| SHA256 | add106f3d6e9cfd2fac3d14a74d6791a9caa257b9c7e105a9a5fc2a309337ecd |
| SHA512 | 89ab3ca635f8fdcb1206f0a1d585355a730506cc1d72ca666f1e9d650b24107368349b44ab0b3d3132442a2fc61c0c9404d00b717a61f305d9c93d5d638d9bec |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | d5980bf4b018e4c397df95afe8941c66 |
| SHA1 | ce53c669a898d09479831bc59bc31a5fba2a6f2b |
| SHA256 | 9afd004a8cb9b9e8b1eeab780fb0c4ffa39c3ec2ded034b1a7cd69db7f67872a |
| SHA512 | c995f9d3252b9a7af52a398562261baf3297fee64fade9de22895cce017e5aa097c7935a0519e474253a181e1e018348a1ade3d953bfaff5dc43e30e2d9fde5f |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 2b04d6f2b3fa536f1f5c42264f4b7210 |
| SHA1 | c4d14d845a490546b72840b38f72fac7fac7a893 |
| SHA256 | c36c3e044d52b3988012de6a543285e62300da567ba4cda30a0ed0d1af87be9b |
| SHA512 | 17d8aa572e9f93a9ef1029e303a515841a1b0544aa1bea0b8a0f0aabde0dd202574a35d06655a86e30029dc899d13e9f880e31c0e6b1334165f01c6bf324cdf8 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 03f0ef4961ee3f5ebc91e222ad5c3a55 |
| SHA1 | 130947f0716f672e1c0577f60471dfbd9d1f3435 |
| SHA256 | b2cf1c83480bb2e69599e063be75ef8188b20c82a03998098d13d42c11502d21 |
| SHA512 | 641784c8422a15360449ae9d79722e4d6d5752ef8db0a6cd8e1d71e78c5994dc9e790f5e875a7314be603feb42badc587bf79e8f682aa94b2335443ea8592671 |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | da5f8d71afd8ce9598ec5e5443c459d9 |
| SHA1 | abd2267aaea39b0a9208bc7f094df5fb2754d233 |
| SHA256 | a1d679d97c8ab326b9578d18de310789709482bf270d350786e1b30895c92c80 |
| SHA512 | 1318f1471a536244523141d14c8c73b8dc52de3843eb8b8b3e9b2ae0348eb4f41c085931b8053c5fc68182f0a493d15de7bb086cc872f48203e8f9916886452b |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | fe79131d9f62a7125ae2f69267273bdc |
| SHA1 | ce64c88f8b869715592a62313c1085fd404723c4 |
| SHA256 | ddbb6ebd07eb73d7d96736f68ba5e1b4757e999ced26fc1552665835c5cd7028 |
| SHA512 | 178d228907b7bb32a7787b64a7e791897bacf75516493ddcb6494fe0ec7002bf0ba840a75e4a6d5db26c179de85c2a88e13104d571a1ee585512a5d775519347 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 7659392a12010d8c761cb9888f6fd5ac |
| SHA1 | b8829c26628740b77ab7405c231f420e860d8c1f |
| SHA256 | 71bd0bffdeca9dce2b4e9e1d767a0732657032171f3ad33903dec353ef95a431 |
| SHA512 | 5caf94b288649b687f411cbb5519168e09e161f8d9545a6bad1b0d08876a542d153a115f8b44e3f15d973812ce8ec7471bba7d8bd0b9a22d0abf6fdf2914a2bf |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | d56bb0b1144f4f8a973fb96ea18fded7 |
| SHA1 | 2a975ecc7d6da8722c66476c1919d342bb0e0276 |
| SHA256 | 78d6c4b8520f1781f540c264b143ce0357244beb0c8f572d1533f573b32c2e66 |
| SHA512 | 5cb7e79bc533fd1332fdc53413d3290d2bf1bd73e1d77c22667451bfe4e3d41f31a9a938476462dd5e6511f0a6494db5e72354d2ce680063f71b7ef5ac473cce |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 482dcfe952218cf31ad2adddd8f6616b |
| SHA1 | 7a6bcfce28c76bc3319c871696531d21200f3bc0 |
| SHA256 | 093b0f0c3f7a9bf24406662245b57f171837a266aba49f198319045e971e77d5 |
| SHA512 | 440182ba5cd7c85abc11fe9097a41486469afde738d26f471efe4e7928106cd57240b1045bc97d60c42147ca25b032c4149487f1a1ab4581292c7eff2bc801b9 |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | fe669e0a3a56961fba38ef9b7f7d01dd |
| SHA1 | 338b6f4a3ec71587d53aec450ca5448928f966a1 |
| SHA256 | 138b48a413afa60daa506090fa4332d913a1f9d895b6c289c36dd7db00019d64 |
| SHA512 | ff0bc50cef59421253578172602a56f9f9b3a8988a16576eaf8a004792d330c708dbed95f5f4074fb2eec36d7df7f4a0392c88420d2b0678cd907056a23cd41b |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | 9905e5a33c6edd8eb5f59780afbf74de |
| SHA1 | 64b2cd0186ff6fe05072ee88e2bb54476023772e |
| SHA256 | c134b2f85415ba5cfce3e3fe4745688335745a9bb22152ac8f5c77f190d8aee3 |
| SHA512 | e10711d0fb09db27192e9af05ae45b83cf3882d98e904a7f1f969cf24c2f9626f70f35d76f57477fe9c64a58bc74100410740e9d506d4e72d3e2900d6277816e |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 553f7fee8f03967099aa2ba7439d0398 |
| SHA1 | e8018f20ed73b300daa26857399c3ac798ff251a |
| SHA256 | 29046c2d2e45a4067a72d0669899317ef1e7409fb01ce32fe8161aedb417ecfb |
| SHA512 | e54a751c3d4da30297fafbfb39cc616162ae81baf6def292cb770b4069af8012c7e9369c394577734e3a66d477e827492d27de2ec2da9740d9eb1f7be9d00fa4 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 089381a847f01ba0962ae00f0d92d5e8 |
| SHA1 | 9f3240f89871639778a318e0cadccafcf9d7c55e |
| SHA256 | 2cda289b5067c9daf8b4dffdf323b2fe9d0a47bfdbb91b4a017029bc74729c05 |
| SHA512 | 89fbf1b423f17101970290b070d740b8d58beecc6723e64edb7ae23b9285afe3a612b8e8f5ec202d60aca3875a28dbc556a43af9fe4113ac0bdba1fa83c5213a |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 32e130713c631e43d29c8f2913821c81 |
| SHA1 | 41925e15cae2f6842d881aa10ea32036fde0f44e |
| SHA256 | 130c88f4f0787c2c480e152c5a21ccf61cc599a5e9dd53ef299b72554f2072b5 |
| SHA512 | 79824970da66bd1e042ad660d2618101b133d992c4fb2ccbb7d497d6ce1839ec250f9ff3bf3b44ed6ff6b7ed255f0d2ee32f761f199de57c522cffff0043f240 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 6989502044e4a9fca67e9ded25de9956 |
| SHA1 | 9a8d099caad939d32599530b27f7db641cbdb8da |
| SHA256 | b370b54e95376f4b6df27592bc23343c82ebbfad3d52e71a38a2aac504bda04c |
| SHA512 | 9f0e6d59d9adc531f5c162b964205e0dd63c6a956291af48d24e6b8988a940b6f2cc7644a9163277e6383a6d9f8ddb00c9687d73426ea776c691e73f66e95a5e |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | b20421aba6b1738af56e402aed7b5fca |
| SHA1 | 7b9e8f147c25a383e775cf4ce66fec5f050f8187 |
| SHA256 | 2b11af7c3e34fcb9851881ecb06ee601696a6e29b3d3f283f79b118bdba35ecd |
| SHA512 | 32eb6ae6c4009d43422f6abad7cd88f21b3efbd85c4a8c1fa45675f59f5c7a1d0839c6f73131522de5c0f5f1cec2dc9b4e2b00dbe68e060390cc5b6174ef9683 |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 47152f81ba81ab8f18945ff7d370b07b |
| SHA1 | f292820e6566116278875c5fe12a63fcd2013a63 |
| SHA256 | 867bb3abbbb8f2a1e82218668a89ccd96cae75fc452cf5356bd1149a2df1b5ce |
| SHA512 | 70c8604dea33ab820ee06feac4c6a55ecaefd0174d0504e7d2bee905e18c2c2223ab40d560a8f38fc01da86abe00f8187bbb7477d0120169600913e857839da0 |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 9eb077214cd4570622a5666ab8aa50c0 |
| SHA1 | 814645452ab3ae77b2e8aeccf7ca81c16600f8e6 |
| SHA256 | 3684e2a0c9b233506f8eae38f7db3f1f9a2060fd2e84f80e13a4774910c0d4a3 |
| SHA512 | ce5b53e9d042330a4735c1976b604ac5649d30eae39beb0fa29024dc40926158d540627fdee79eb375bbd43b03b417ebb66b2c798e5602584f5b7504ec2e5672 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | adad2cd23a8880d4b3bdb1481c5b7998 |
| SHA1 | 823fc1acc3e7a3f0cffab5cb8fa453a8c0d1872c |
| SHA256 | 838ba55eb15df2e0145178a20b4d01314d0fcde04ff871649012eaeba6bbfb69 |
| SHA512 | 8c600e32157daef85549d0a19a40f38e812e05cbf24e51453fa1ea94435e55fe4a705e77d42a4f63f3c565da98b4e69f1ed7bb6f3dbca65e80b17526954e60e4 |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 192c6768e88e9311da04f05fdc93c4d0 |
| SHA1 | 1eba73a915af76a91cc5705394c9fde2ec29e543 |
| SHA256 | 011dfb537c782d4756571f4098f10efc42b0bcbd32fd62a4bbc7d470a665250b |
| SHA512 | b1d01cfff853ad78cc11950e7da6f5fe545889a32d535dc3e30f7135f655f085f9bd628371b0ea4ff636de2cabe246971537a4994cdc267d4cc57805c04d2bc4 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 88a2fcd93445c8b092324fe1236d31dc |
| SHA1 | f63653fe34d54b7e42e29689a934ed097329128d |
| SHA256 | 0783070444c465de8a21f7fc41f61d2bd535e995454e4086b2e01780e96ad419 |
| SHA512 | 3e44cce194b1cc3d6946d33dee6756f0333edc886f9ebe8149887c2e9b35867575ed47f15b2c384ed37aab3b8e37dae3369e1259d132bdf9bb832c70c09e8085 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | b260589bc116e407e75412be10ce0c7c |
| SHA1 | b3498d228b26ad13ba76b27d624ef5eef940221c |
| SHA256 | 61bf3a4e7eb43119fb6f69c2d63872f35b9b6d79fd5a846ad824951ccea9898f |
| SHA512 | 007b78a36ea10d91360610ceec313bfa51c663c719859edf95dae0cdb75bdbbe6908bf0cb4c3f2e237539e0e20dc64266328e8a82ad5a7c90b59b6f56f683c4f |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 72ac4e9a42612baa5f3e7759cb7d5f72 |
| SHA1 | ca9ff60ac4fb91b03c0b94ee740c901f3b83c2d3 |
| SHA256 | 62a5acdac22efb52b443e70593f58333829ee60f77ffc05bee8ee5a0b0b8198d |
| SHA512 | 2482dd88cf5666cfcefb69cb490f3e2967d82b6ae18f8f8ef9632354bda2487829696a29c993d482546fd79cfac4e732ca81c0e2d61c8b3a51f164dc1fe0b611 |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 8c68239e506b5453fea7c6188726af54 |
| SHA1 | d78cca6aba79b7c2a8f2c8d4127f813b8d539ec9 |
| SHA256 | 0af8f3f88cb82ea03d1cdd361f8b6c8e7520e67bb24050184cd860e014522883 |
| SHA512 | 954c00d17d0b97f1bb241605137a80c06a62111c456fe5d45dc3f68ccbf2db434082c9c4e1e3cdeb27ab6cf21afa059866c8b848331f785a1fc87a777fed6bf6 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | b293c638fb6956e5db1746725a79d8e3 |
| SHA1 | a459cc36557de50b755d1b23019f5277501269cf |
| SHA256 | 08b0083253679dc3b6f7d1099e079e8e277f80a847df9e4663dcb0052146f218 |
| SHA512 | 340ba163a9e2bb4f3e0c2dd15354d5d9ad002753a3ba56407688c224fa3d854e5f6ac30c34835eca424fb7005feb7dd8a3965b96d9ed4c8d3cef79a26c51bf0e |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 99567790ebbe9ce2f4af71c5e0295a26 |
| SHA1 | 03ac41d3174d2b5a4111d757a9aa5425cf93e95a |
| SHA256 | 549e0654f7854658da7019389246128025770ea7e4da6c3dda300a83e069d742 |
| SHA512 | cfcf18d405a933c96a7209311c503125b41b7f4c12e8f1a18d4685155582d888d1ff1f230e42e0f613321376c439dfe12b903993eef46e93807e83d63bf8eb1e |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 8d485f3ac2acb6e586e8f1d8af2df57f |
| SHA1 | 43e9653ecedbad263a5e015ecaa3eebb7a44feb9 |
| SHA256 | 530f6ebaf4445acb0855efc516729598a3312aeedd0ef9024da6f347f152e783 |
| SHA512 | 4105fa612f86d46457f77449c095cd9e1f59dcb4d137bf3d822e4f52f89c517faadfbaa00b07d15aabfc0d2afdb093ea63d59add313525149f17b7427917494b |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 6b5259e59c4210cd7832efda836b7b96 |
| SHA1 | 604ece9d5bc7d379c1865ce5602773962b31a080 |
| SHA256 | 0430245b71b094dfde8bb22b310ba4857a3dc44c704607d868c8b814bfd1a2e3 |
| SHA512 | 7bf0a234c4fb5b55d176a95e656c5c4f13afd01eab1b203606d5d785afa1f029ad754f05ff22a929cbc7b4ab8375d7d9ba4c3456b510dc54a900a15e18fd0436 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | dcb2f3bf86983d24a85126d8ffb30d9c |
| SHA1 | 5309dd2306b604f86a4f3a39e3900b0d7825fc3c |
| SHA256 | a59ce9b3d41f9680d7767dda18f4149bea6d84b4c8ab39da7df057023278223a |
| SHA512 | f53d15a3f06850f84ac408b00500be1f156561ffe4c7ccdaf66262750e110a43765704e5c6a3b82a60b2bbed4b416c3135007475cf99d5938c7f0013bd280126 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | caf46a34c420b5bb2e6aba88fe6376ba |
| SHA1 | df3adbb6b2e88306b8876a784139c4837089ce28 |
| SHA256 | 2e33a755febd161790031dbdd9fe0aaf7dba6c708e85be954bce473cef553681 |
| SHA512 | 3040b169be5243453839050e8cf7d3e1ec5c1a6bb4ffef7272c6906e132c852b6c19ecdbfed9bd3a8b95f4be70a8b50f3628cba7f5ec232d1553c13ba06a2d7b |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 6425ad43cf1a60efba7bca75deb59420 |
| SHA1 | 60f528f667901790efa9a981f94b25acbf5b6e89 |
| SHA256 | f7ff58b2017261eb59d663834e1aed963224ded2d51199aa3dc8aa8b0c544ce5 |
| SHA512 | 7e411642ae5f93a84f5182441bcdc25f21f5eb15be6adf1fa05ff0a249c57b091fb91f6da61dc688c04fa7f79caa0933741e50cc476e9ad7faab67e977a88c18 |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 78be0813d8bc164953b386806f255b84 |
| SHA1 | 07c821f83e465145147c9afd0b7f34e08c4cbe9a |
| SHA256 | da244b64d0e154e2b506ee04188cc69af66e3cbc39ab2494da4001bc854cb8c9 |
| SHA512 | 33551cfcef37082ad22b1471e4d803ec087e036bdf7d2d7e6eb2903d55ec7a0b7c27fa7a0409082864ff8744ffa5ec107d9cc38ec40c87d3ce45b5e4a0368803 |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | 3fdd19fb2a886abcccbbb2d3253b43ea |
| SHA1 | 56f40cec4c6287084f3fe5147a929e9c6d81ab41 |
| SHA256 | 005939c96c791e50f2aa446ad812e3bfeae8297fee51c7f6e543d1d6571882a3 |
| SHA512 | cdc92751c460ef659637ff239479503f13c701bddb704799e173e6b2e9ad90fd551b5cbf2dd060ecadc0f9f450e2c49656a74a9a36f7d82b919d92dca234e467 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 1e8d244cbc69cd81d243dd6da999acb7 |
| SHA1 | 9441d1b0a3cd90c83d5c6b383b7d000b465b09a0 |
| SHA256 | 0dd700e9b89942a7418e47ef07271e407fabcb37406c690a698f4b4304f99f65 |
| SHA512 | f6b2408e29e0592b0bbaf687fca598ee5384a9105194014dc26dd069ab9ac4622158751c41c59ada4a712ffa74bebe3bd3be1aab22319fb1f1b4a3b77c54fb6a |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 42c09e0af994c185a31f59ef625b461d |
| SHA1 | b95304e4e4f00a143c53b5c08c5710bf5fbbb231 |
| SHA256 | fd11a7cfc8b7cf9cef60130f8c77dd176b081de4b121b1706fca93db24a0531d |
| SHA512 | fbb26967a6dc701d16583ac7fc00f3a0d00aad037c17f8b85ba71576cf23c079f0735e34cbf85008598e66cbdd7accfc327bcccba868bbf42086a21dbab46298 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | a8b3a6be258eed63e2b4409544bd68d9 |
| SHA1 | 7d616d74af741eef44885a47236d3881906f054d |
| SHA256 | 2ed0a6e8be71f845b517299276466521e824f6765ec9cf699a2e6ad28363683b |
| SHA512 | dca6b4db6a90569b93b7eaed3e3989104a61612f8b425225cbaf48daf3c5eed07c6e8902d18e94af265e1c8e337fbc1500b006f153bf86d1a0426e88d126b7b7 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 52d71d95f203360b3ffed0b94faae8ad |
| SHA1 | caf78ab24288d419e1b36c9c71322628f0057fdd |
| SHA256 | 770e3f54e2d29836a79cda9f1e026a3aaa1704f3f975a8282d5e29bafbb77eab |
| SHA512 | b9a9c3f6de1eac51b7fc1174efa1985c49f47b8a123c6780d87cc761ecda915e46545efed8f13f0eb34a51b10dcc3da5140a824d05b7ff5b89f3ddb17bad5392 |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | ad0010095a82da61b486dbe70cd90767 |
| SHA1 | 67d5a65f8cee8409dfcec2da99d290a2730cd662 |
| SHA256 | 28d651bd0e01d8ee66b46b064b05841cf33e44f3c55ee8b0612f5a812bf0de43 |
| SHA512 | 93a5f5c2f71a00ce760f1efe89280e259b3f75f1d04e3a1708d683c0b9a619fb5ac577e0d9f59c3b767c3b45323e3af9450362624526705766bf77a94b4aa827 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 02db71e2d5048505e0bda8ded7e84221 |
| SHA1 | d69e98439c3a235bc06cbcb4a28aa276cadc45c6 |
| SHA256 | a7bc9e795cb74a9530528a0550988a209fb0e6f168aa7e3770a6ebfe655c631d |
| SHA512 | 7fde47e23a08bf88de0a0cb481dd76b4f712335579fba57f9ce63a553410f59a01d5dc5c21bcc5b58214dc598509d94087f99c0b8b5db55ca44760a4becf6482 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 4e25e75f39335a7795635f66a46740bc |
| SHA1 | bc08ea951d00c5f98f7d7af810b37046053956e8 |
| SHA256 | 65102e87e52ddd94c3fb6934ec680f96dfc957a0c20a02fdf2466109f1ea6301 |
| SHA512 | 6ffcf2917874a268d1f68218891b8f9cfe0ad1c360a69ff2847e98abdaff30b48d6b2d3b851ba2bffd66290646966673dff054591ff016fd4e0271220febec27 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 8121f11e87f60273133c1d4c5f2339e3 |
| SHA1 | 1b5f0c5606e4e5e719869a2eec08570bbb9d0983 |
| SHA256 | 978851de9dcb4efd2257617b898de25f62da230ac72922cfc3e28149089cafe6 |
| SHA512 | 1d03d6985a98ae46c53d46e5b2a441992cd928c74e8ad5575f681800128e3d3c19474059b13692369c22a1cad575049cd7cff85b564ffec4bf7327bf7d5d568e |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 7bf7c2891287f1e755a3487179abfd5c |
| SHA1 | d82a7319346b5c469d16bc59e0538b780101558e |
| SHA256 | b881082065421726d5ed4f8492c4439550b1d663587ddc95ddeb5b0352195e21 |
| SHA512 | 69c284fcdab788adf34b904ecddc24a824e856a02473393047258c1e1b10931617019848e0049fd85f91d3cd7c7cb9d58b00b3739f89603c5d40d52fbe78cc21 |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | ea260c435f9eb83e2b5041e734ff3598 |
| SHA1 | ca70d64367cbdffbbf24e82baff4048119203a2e |
| SHA256 | 3ade659fdae17c11c3f42b712f94045691fbd0b413428b73e1de8fe699e74615 |
| SHA512 | 548624cc523aeb4136376f792d23b3f2aee4a676362f8a0dd0e8161f0df87ab926b82f67fc174eb5d9473c23f49e6ca962bc84479967f7e624250d94efa66876 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 938ca433778aeef75a4eb299b906b428 |
| SHA1 | 98c91eba8509d45e3157ffffb1afc40984608be8 |
| SHA256 | 380f37729dd456d5b4c857114f8aac78dbaef1cd05c29aa228daac13361a8af3 |
| SHA512 | cac79ed9e2e270c16b4b6d3fc09562672e9749dc0c7ce3e1d5ba6a2e714bf3b975f3c7b636b84ed9be37630339fc260406969d7f60058a436285851a62af7ee5 |