Analysis Overview
SHA256
29415d32850d821d9854bfd6edabee920052e0920e6eceec187ea57b8a3c707e
Threat Level: Likely malicious
The file ADZP 20 Complex.bat was found to be: Likely malicious.
Malicious Activity Summary
Modifies Windows Firewall
Possible privilege escalation attempt
Checks computer location settings
Reads user/profile data of web browsers
Modifies file permissions
Adds Run key to start application
Drops autorun.inf file
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
Gathers network information
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-25 17:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 17:00
Reported
2024-05-25 17:03
Platform
win7-20240221-en
Max time kernel
12s
Max time network
121s
Command Line
Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Reads user/profile data of web browsers
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Enumerates physical storage devices
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\icacls.exe
icacls "C:\Program Files"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h "C:\Program Files"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\icacls.exe
icacls "C:\Program Files"
Network
Files
C:\Windows\System32\Twain_20.dll
| MD5 | 591700c81fbd38cf8c83092030536c14 |
| SHA1 | a122ca4b91ec2275400e10f21093c43186391c97 |
| SHA256 | 29415d32850d821d9854bfd6edabee920052e0920e6eceec187ea57b8a3c707e |
| SHA512 | ae3e1ffef5a82016f13fe728a8a3f2696ed55cdd9ea60d6e75352d55f95fe71cb09bad02945601d4661818473882cc4fae4493d9125e3803054e69c861a97758 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 72946942abf5cf295f726b816c531ebf |
| SHA1 | 8ac5ccae8003c3776c2e0ee0959a76c8bc913495 |
| SHA256 | d9fc0446467e00e640f0dd0bf36882943a6993dcc1038ba8f73239152896eb25 |
| SHA512 | 2f42b10e2c1359a690e1a69e307008e3beb4712e4c071d916fb1380c61cb2ed3ae48c86af44c6f1c9d613e85dd75d8cfd66fd01de0649444ee6d5193d9789d23 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 0c998e3681eb9f67fbacda38281c5fa7 |
| SHA1 | bd3e89780f374c54c5dfbe3fab83a926ca5803de |
| SHA256 | 3c656f47268598c5bbe3ee4661b4f8c7dc09420cf393a6e417541db3c6020205 |
| SHA512 | 11e3fd1d141bd23a2b0f17665f0f57e5a606fdd82555a7bd88cd533863ce4269d8395f8963d1cdfde93efbb0817486db48c3b593f8de35e150e2395daadb762e |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | b39df423c6e5978065a9a8ec4879a3b4 |
| SHA1 | 96441a7a7d8090f7a96a1160f539531f66568e88 |
| SHA256 | 12a5135510016abcfe1192aceb6fec42634346661d778d68be1debaa3d75e967 |
| SHA512 | 2d583fcae1ec73f836c5b66b8b1337bb4250a8230073de96d501a4fab5f522b75599ac2a1fcf1457a841d8c84bcccb88feade82f49357b28345c63d9526cfeb4 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 11aa52a7eca2cf8fdcd1584b5a8b6026 |
| SHA1 | 01ae6066e6b3879cb0caf306cc91077b7c0bea1e |
| SHA256 | 8dfd0a6db2df60455840dbbbcc4f8b70d730ba1c2afbf300316898b3dd3e9b11 |
| SHA512 | 07f37c050eb59e7a1a228ca851d05ca9b62bb3de97f988fb36c374c827833c8c551e5cb51eb05130861c0b35515ca77ae667ca97ee4f08c86cdf9f6fb64533c5 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 888e64c554686bbbc0499057cce1af36 |
| SHA1 | 5a7f51c66e3ae7dd0e0231c9817aee8c9fc54006 |
| SHA256 | 616cf19739e00c69e9606d9c94869f6fcb6a7b3860e7b8af9bc896f3081dad0d |
| SHA512 | 9882375fdd09d489258447d49b8b63d0bc8db57cdb7186500c00c79d57f30af5f37a69e8fab70683a7c9d730e3484ef537ee57bb1892a84f92e9aba639d1d227 |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | cfb046d3c9513b92c1b287da26f97c28 |
| SHA1 | ea8208c4dad826b7fdb3b5b728863a95e86d4383 |
| SHA256 | a06f170d4f92bf290e38b0ce1c05bb59c95de2797b1a5253b949ad7e1be9818b |
| SHA512 | dbeeea4d284f59e1455a5426334caa02458e88833aeece9817c51be616697ca4c399b2a9d0e8e44bf4a5ee63d0b37c0aed68c01f1748fa5a23ed6d2af62b3340 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 36aa84388b0253dec8f91d7b3228e3e6 |
| SHA1 | 61597113395d3d9d8675f4d4945f68d775df0bfd |
| SHA256 | f66924c09b7e836a2f2c519213bcb87be0dbc533f19e681f38264e0d5469abcd |
| SHA512 | 260f530b57d680b78079ccf0fa00ed76c1f15b12e83088e45ff328fd6521c354040302e2de21168e243fb6ba8c67d139bf7d99793747d7ff7b6941a13071a723 |
memory/2948-386-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/748-405-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/1016-404-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 55d49aa2766a82ed64b82ae430d396f4 |
| SHA1 | d5cef7e67cadf128ad7eae7ee910a15c25c18b10 |
| SHA256 | 512418d05541619c29d712b4199ba83363f12e27e1f66735977688a2cb003b3e |
| SHA512 | d52fde777870da26138c34cbea65705f9d82717e874d79f85acee4d4f8c9711933ca45965f3243191ab4bbb9c529860bd218df27a525117a1e9150c117fa8c0c |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 42358fda8075b544bd30b846c6b0ffad |
| SHA1 | d1cec067376591089afdc39f4d2fdff60d68a8f1 |
| SHA256 | efe04a8acb9cda8561d0076f51332784814b78cd4e52e6f6bdf3d7e3b2835405 |
| SHA512 | 78aab3fef009ccee6b7fa012aec650504961694aa692801f05b0058a8bc8ca308c2827b416086497fc3ceb94a56905ebfbe60def463f09b1ec699fff6d978bb5 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 6bc9ab9854695874c5338bd08dde7db5 |
| SHA1 | 8ae8dc91cd8b80dd688378a3eacb2750e2de8c3c |
| SHA256 | d4249fbe2df7ddc684f61bbba98e5d3312c85e5787d5500a73ff18a5abce76eb |
| SHA512 | e8fda27e7d1144816879b84fa04b8b3a7063f3841e57a1aaa918b5dfa1dc35f0f4380f89ca861c59ea45d884488e68309dabff15200e6b99038df4431e439f85 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | d3715d7f77349116a701484780269375 |
| SHA1 | 589c48410637ac33431569b867070a51c4de5b1c |
| SHA256 | ea0bdd86d283aba33d619aeecb5087ad9132b58e8ae7121e3c3774504abb976a |
| SHA512 | 9526a79ac4f9a18104f8e84d684136eef9b6bbccfe772d1d1030d9be02de2f7221cdee248ec748971551a42ed1d8fb1c8a9d820b837164f68376cdee1dc8ff3a |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | 05a4d4594b598cfe885bf862787b8cde |
| SHA1 | dfb26e156e88af25bd00db0bc788b81c521a4db9 |
| SHA256 | fd8427db8c0c5ad2c7a8fc36c18f9400e25bdd7dfd1d267ec11a7a94bdbd1cab |
| SHA512 | ac1f87eabd69e1939f463c8710cdd1ba8a886ad6509d26d0fac4e09ab82056cf952b7a0cf2ecb55bb0549fdb0aff6457133eeb6b7b222df58f773f91df101136 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | b2206e980c51067d6e9dd7575d842bdc |
| SHA1 | 5aa6f76eee9efd569089be7f363e30ebf0531a22 |
| SHA256 | add106f3d6e9cfd2fac3d14a74d6791a9caa257b9c7e105a9a5fc2a309337ecd |
| SHA512 | 89ab3ca635f8fdcb1206f0a1d585355a730506cc1d72ca666f1e9d650b24107368349b44ab0b3d3132442a2fc61c0c9404d00b717a61f305d9c93d5d638d9bec |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 866cf2b0d99e3461f10d7c2f054201ef |
| SHA1 | 5302d63bf1565212a2e0ce0146acdfbf945cd5d7 |
| SHA256 | 658bc6a8fe7213b8f49bf29f35d35585ed2925413475d19cc3331627378b10e6 |
| SHA512 | 8dc3c66930e1ac8f1c1a5b93a7c074643d605ed8c1d148c083f3530b8ba8896227423f39af690ffb2cc7dbe685a30d20b45f4f74df4aa9ce7b28c571cbf89e04 |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | da5f8d71afd8ce9598ec5e5443c459d9 |
| SHA1 | abd2267aaea39b0a9208bc7f094df5fb2754d233 |
| SHA256 | a1d679d97c8ab326b9578d18de310789709482bf270d350786e1b30895c92c80 |
| SHA512 | 1318f1471a536244523141d14c8c73b8dc52de3843eb8b8b3e9b2ae0348eb4f41c085931b8053c5fc68182f0a493d15de7bb086cc872f48203e8f9916886452b |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | c43ba87bbd9766ee622a5ada4078e353 |
| SHA1 | 8d66f51c515921a2bf174bb60f6b7d2f492b062c |
| SHA256 | fb18f2f20302b25b7be201c9678e5c42eaee793590503eb1450283e677de21b7 |
| SHA512 | f0fbbc5000b4def67de88318e2753f44134f0db727667c3fb1517d957bd326dde7b8c4704dd3e58fa1c89008c8ccb5501bc8bf4bd8f8a8b6cc9e45650935e9ba |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | d5980bf4b018e4c397df95afe8941c66 |
| SHA1 | ce53c669a898d09479831bc59bc31a5fba2a6f2b |
| SHA256 | 9afd004a8cb9b9e8b1eeab780fb0c4ffa39c3ec2ded034b1a7cd69db7f67872a |
| SHA512 | c995f9d3252b9a7af52a398562261baf3297fee64fade9de22895cce017e5aa097c7935a0519e474253a181e1e018348a1ade3d953bfaff5dc43e30e2d9fde5f |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | edfe50f8097766b7eff79357320b7e8e |
| SHA1 | f9ecda7eea707c6eb346255df3ad89abedf485a9 |
| SHA256 | 9d690fa438fd8675e082a08dcb72cb1042841535d6a4b2b2bc490ae93a24598f |
| SHA512 | 798c2bd7ff6cee953d48f89a8843fce1f332546d78828d096949ca0c2bfe54bc9076331d951ee49ac89586aae7c99a92f2578390777f4501781fa074f7e90e83 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 03f0ef4961ee3f5ebc91e222ad5c3a55 |
| SHA1 | 130947f0716f672e1c0577f60471dfbd9d1f3435 |
| SHA256 | b2cf1c83480bb2e69599e063be75ef8188b20c82a03998098d13d42c11502d21 |
| SHA512 | 641784c8422a15360449ae9d79722e4d6d5752ef8db0a6cd8e1d71e78c5994dc9e790f5e875a7314be603feb42badc587bf79e8f682aa94b2335443ea8592671 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 089381a847f01ba0962ae00f0d92d5e8 |
| SHA1 | 9f3240f89871639778a318e0cadccafcf9d7c55e |
| SHA256 | 2cda289b5067c9daf8b4dffdf323b2fe9d0a47bfdbb91b4a017029bc74729c05 |
| SHA512 | 89fbf1b423f17101970290b070d740b8d58beecc6723e64edb7ae23b9285afe3a612b8e8f5ec202d60aca3875a28dbc556a43af9fe4113ac0bdba1fa83c5213a |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 6989502044e4a9fca67e9ded25de9956 |
| SHA1 | 9a8d099caad939d32599530b27f7db641cbdb8da |
| SHA256 | b370b54e95376f4b6df27592bc23343c82ebbfad3d52e71a38a2aac504bda04c |
| SHA512 | 9f0e6d59d9adc531f5c162b964205e0dd63c6a956291af48d24e6b8988a940b6f2cc7644a9163277e6383a6d9f8ddb00c9687d73426ea776c691e73f66e95a5e |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | b20421aba6b1738af56e402aed7b5fca |
| SHA1 | 7b9e8f147c25a383e775cf4ce66fec5f050f8187 |
| SHA256 | 2b11af7c3e34fcb9851881ecb06ee601696a6e29b3d3f283f79b118bdba35ecd |
| SHA512 | 32eb6ae6c4009d43422f6abad7cd88f21b3efbd85c4a8c1fa45675f59f5c7a1d0839c6f73131522de5c0f5f1cec2dc9b4e2b00dbe68e060390cc5b6174ef9683 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 29b5b09df26f27309a035092f12cea61 |
| SHA1 | 8368472cfe258c2ceca3c6050687ab4c3fa32af8 |
| SHA256 | 94df41074ce14fe5181d8a4d9739b2b1c6acccb8e7d73007ce0bccee342c4c7e |
| SHA512 | 87cfa5a3aaf28da50c7e441040d0c90ee74478b2b1cf39ef5525f8211a544ab8987dd8a478354e43f3272da875887196f8ba0b7cb510d8911b6be29214139340 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 7659392a12010d8c761cb9888f6fd5ac |
| SHA1 | b8829c26628740b77ab7405c231f420e860d8c1f |
| SHA256 | 71bd0bffdeca9dce2b4e9e1d767a0732657032171f3ad33903dec353ef95a431 |
| SHA512 | 5caf94b288649b687f411cbb5519168e09e161f8d9545a6bad1b0d08876a542d153a115f8b44e3f15d973812ce8ec7471bba7d8bd0b9a22d0abf6fdf2914a2bf |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 482dcfe952218cf31ad2adddd8f6616b |
| SHA1 | 7a6bcfce28c76bc3319c871696531d21200f3bc0 |
| SHA256 | 093b0f0c3f7a9bf24406662245b57f171837a266aba49f198319045e971e77d5 |
| SHA512 | 440182ba5cd7c85abc11fe9097a41486469afde738d26f471efe4e7928106cd57240b1045bc97d60c42147ca25b032c4149487f1a1ab4581292c7eff2bc801b9 |
memory/3088-1393-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/3156-1397-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/1672-1401-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/3628-1471-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/3820-1490-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/3920-1496-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/5008-1704-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/5072-1708-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/3512-1709-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | 9905e5a33c6edd8eb5f59780afbf74de |
| SHA1 | 64b2cd0186ff6fe05072ee88e2bb54476023772e |
| SHA256 | c134b2f85415ba5cfce3e3fe4745688335745a9bb22152ac8f5c77f190d8aee3 |
| SHA512 | e10711d0fb09db27192e9af05ae45b83cf3882d98e904a7f1f969cf24c2f9626f70f35d76f57477fe9c64a58bc74100410740e9d506d4e72d3e2900d6277816e |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 88a2fcd93445c8b092324fe1236d31dc |
| SHA1 | f63653fe34d54b7e42e29689a934ed097329128d |
| SHA256 | 0783070444c465de8a21f7fc41f61d2bd535e995454e4086b2e01780e96ad419 |
| SHA512 | 3e44cce194b1cc3d6946d33dee6756f0333edc886f9ebe8149887c2e9b35867575ed47f15b2c384ed37aab3b8e37dae3369e1259d132bdf9bb832c70c09e8085 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | b260589bc116e407e75412be10ce0c7c |
| SHA1 | b3498d228b26ad13ba76b27d624ef5eef940221c |
| SHA256 | 61bf3a4e7eb43119fb6f69c2d63872f35b9b6d79fd5a846ad824951ccea9898f |
| SHA512 | 007b78a36ea10d91360610ceec313bfa51c663c719859edf95dae0cdb75bdbbe6908bf0cb4c3f2e237539e0e20dc64266328e8a82ad5a7c90b59b6f56f683c4f |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 873781e160d6c7a2c7100536f95e373a |
| SHA1 | 439389553b0f4b61327c0160a92e4c8ddca8f84d |
| SHA256 | e244905c9acc529b7d7dbd58453f44dbd3f3d627bba23adcf375afde9b6b2a35 |
| SHA512 | 1116b365d1e44dbad9fcdf462bb3467dbe3ab8b40a01c7dc6d516b24d2b1260c405cbda80f7a1177f89412a2db726a68e6ae2ceee839c117061ecbb75a06a4aa |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | 3fdd19fb2a886abcccbbb2d3253b43ea |
| SHA1 | 56f40cec4c6287084f3fe5147a929e9c6d81ab41 |
| SHA256 | 005939c96c791e50f2aa446ad812e3bfeae8297fee51c7f6e543d1d6571882a3 |
| SHA512 | cdc92751c460ef659637ff239479503f13c701bddb704799e173e6b2e9ad90fd551b5cbf2dd060ecadc0f9f450e2c49656a74a9a36f7d82b919d92dca234e467 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 7b1014121451c72ae238a9375cb9a34f |
| SHA1 | b34267e022b3b9bfa45cbee6214b58248a606dcb |
| SHA256 | 5a8ab1349c8f5573ab16b94aea4810d6c2df1eb1cd6463afda0a3de1842ae278 |
| SHA512 | 451528ee3392d54ac0826101aa89bc2182f7f2f5d88c29960ae00832f5ca0e31e6128f1167b350a511306e2917c51fdb06ce6f87853cbf7578012681c491d986 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 77f69d6377472fd28eade93d650d8221 |
| SHA1 | e85f7c9edea782a93a6fed9bc28ee4aeee2155f4 |
| SHA256 | 222669a803e349dd5ce98771e41131744c31eaf823993607b9331e72adc7eb36 |
| SHA512 | 616b29a38aa892cf4357cf80d5d10f93db306b553b5729aec431449bd109df6384cfd439f21317d644bfe29191eaecf03a81f6cdac2dc54a7224f5c5fe8319a5 |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | ad0010095a82da61b486dbe70cd90767 |
| SHA1 | 67d5a65f8cee8409dfcec2da99d290a2730cd662 |
| SHA256 | 28d651bd0e01d8ee66b46b064b05841cf33e44f3c55ee8b0612f5a812bf0de43 |
| SHA512 | 93a5f5c2f71a00ce760f1efe89280e259b3f75f1d04e3a1708d683c0b9a619fb5ac577e0d9f59c3b767c3b45323e3af9450362624526705766bf77a94b4aa827 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 8d485f3ac2acb6e586e8f1d8af2df57f |
| SHA1 | 43e9653ecedbad263a5e015ecaa3eebb7a44feb9 |
| SHA256 | 530f6ebaf4445acb0855efc516729598a3312aeedd0ef9024da6f347f152e783 |
| SHA512 | 4105fa612f86d46457f77449c095cd9e1f59dcb4d137bf3d822e4f52f89c517faadfbaa00b07d15aabfc0d2afdb093ea63d59add313525149f17b7427917494b |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 7c469eaae93d67c7f8f28fa787740d01 |
| SHA1 | 4d03d82d8145f1da52a52af87174670cf82c1ffb |
| SHA256 | da136d25001651a09f0b08f84e68125de955f14e8d602e85049c933758ea4298 |
| SHA512 | 1c1c8c10c52e8075354429dd0f1dd7c302151a28c710cba245f2b1169f2fa31b2e2e73330f8f3ee654490c44519f0ed89359f7392a087e5e7ef906b7fee66900 |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | c97422f06c77bca36a58567f0182538e |
| SHA1 | 5a026fb6b533aedc318bf7d89f839eff9c68796a |
| SHA256 | 2252affb7a2eca4c1331d50d85fa05cadd4f24c44b9dfae9b7938b47f6db9e84 |
| SHA512 | 8f6cfc2a9f69404f26fc9a2d1f2c61e6015fae3b42e66a2633513c9fe9016a2eb11b5c02fe59a56c9015edb69e1d1b79f4abd85668e610e7158b5c04e31fe8de |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 91f526907367e546f6637f9882b7b69d |
| SHA1 | 9b66887186c56e28d8659461583050ede1745383 |
| SHA256 | cbd3e37648b6a9f1c3722280ea3e8c8391ecf711af6107faec22a962b85a96d7 |
| SHA512 | ea7073f0a139bb7d3d6b1a9c7dac2498b0e82b6a4476cddc39d9f80ed6801bed96937e4a8a1626cc5ad41791e814c1d42a3c56b121bd17e700210921a1b18d5f |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 8d42b25e34da75cd09d10b534d7a6012 |
| SHA1 | a408aa5cb02089156497c1976c7fe41dd42f06d9 |
| SHA256 | d20e9eb2185a2d21b55a5f1ae338e500337d8a43c117c0929c0e3233a58bea1a |
| SHA512 | ead990dff8a6a1d47ca32ad4899e48261c2c628afa5d25cc201ce6c1406a8a52cff6be0718964641b3f610160277122fcfdcb93ac0b68d050effc3e2fc26f8fe |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | 4dc05ac0050c0d2f98299a019fda2577 |
| SHA1 | 9e606ec3d928474adfda99e10a3ef39e5c727683 |
| SHA256 | 55fbdc6e73e70bf1466c6f00fe182c51aca8ead2fd1e3ee408cf9eff91f1a5da |
| SHA512 | ebe2a623abbb7da77102687d1cbdd6255317ef32de0c0e6920c933c25a8a6069cd6be9f44248d91bdca87270db50468bf5e16ea629dd7277d9e15f34075cb268 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | faa4d74ae1348f395723208ea9b5734e |
| SHA1 | d9fcf36438c3b9cfb2f5863b644fd5436f564309 |
| SHA256 | 1f50be6aaebc58d582685707b23f749ea0db9d028dc9839a144514cf139775c4 |
| SHA512 | d5d1409f0948d4393d0cf94b2648dc2929cb53386f54a2c37d92dca14238f88856cc0c3a689818873d48c49a8a686b7bc074d2e0a4ab92ca882be6f42aa69882 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 21321634b2c2bf8223d389be19d13d4e |
| SHA1 | 116c0af8712cc2120fbb6c4893f9a99a77242960 |
| SHA256 | fa1ddb950fadc33035dc70e015155e7db6fefaddc05d83cc1fab233e3c416f60 |
| SHA512 | feea91421292af2cb0348c6c09b2bbe810f3a3385c5b5ddbb7e6312aa7f97f48eebf10d6f9966b2fee8f4e843e87ceabf78318c9ac9b070478f0372471acce20 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 598e89776a2342ea6d8b4035643da929 |
| SHA1 | 714cac1cbe4ba77bbd270faeffa3ea3c9bab61ba |
| SHA256 | 53547edb5bd2cda23359fbb7c577e0bda6d5a8e984b5f2a228ee9c60feaed3a4 |
| SHA512 | 6ff3eac0032560c6e7f2a9518511cdf6a62d3dc6e2792df10fac0b4d9bbb598822eb168e4c921230f5f90905c3e7074eec70f40805518041394e8a0e838d68c8 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 8d5c0094fbefe78fabb6d35879d9f192 |
| SHA1 | adf32d163c065fcfa64f48a15946fa0114bb3737 |
| SHA256 | 0c08fc87b54a1e8d8c52da25f6e00ab292c1277929221b90035e91446e8858e2 |
| SHA512 | ab5d4381095d3b12425fa65f9199e995b2b5293c030d9fb5c57c45d8b6c723f0e56157611fbf740a98be9490e07f43aa469b85377d9725b053619b4eaa97f286 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 277e1a2dd49b05d06fc57a224f172e8c |
| SHA1 | cfbc082cd9f07678a247a3a45e1b18bab8b972e7 |
| SHA256 | 9614387211e9f37f5defa24434741e5c68eb281bc2964e7a1bd4d2063f4ecb2a |
| SHA512 | dd6f5e3a9ab8abb6dd133a6b1374634e083d765f4cf306c3aebdcb82196f3329b89b09ccdfbad8fc691ad6b31160f8d9ea814126ae1ba08b7020e54662d73512 |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | 92174183f7773fe31903c92b1497266d |
| SHA1 | 6dc45a93610c00480aa0117e8ebc32e4eb7e9081 |
| SHA256 | 67f0f025f36648603ceb90fd7ea6ff7602885bebc404e49cd19e993539cee3c3 |
| SHA512 | 3d31c178e24a638fcf02f83810a793ecfc064dacc6366c85be543b17a3c7ec63a0482e65490f03d1caa40357855ab1f45d6e50e8af32a35cbb1c03cbd0ae3247 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | b7392ff4107098f68f3e265039d37f0e |
| SHA1 | b75cd5036fa282e450036a5a2d0cd24171f92a90 |
| SHA256 | 78ebe3e92c40d95f2ea9eb0e2628618902e08c7b93f3de4a2b4419a631a0f0cd |
| SHA512 | 0326b5ef7ce136bc646f90fd413f72b6143a95f57cd34dae42b08d1f4e6db5cd491e941292372290c4144449468204c89c9c01078daecf0b2baf1466573ff5de |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 0ae53c6f1e1adcc8a9693f206a2485a6 |
| SHA1 | 206d4109769946f0510fa8a14e352c2a04898011 |
| SHA256 | 254139a043d82339054678dbaa8ad01c67bceba6cedfa75b8eeb6cf5efdc1aac |
| SHA512 | c47702e2f176b7fc44e97f2980c0e0548e749a97a5b8f78b1295b54f47e00cbcbe78563777351e4fa48a8565e2df9dc1d793c87f624bed4f4b3a25edb7bd31af |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 5fe0331327a8de4bb824e9f632854a24 |
| SHA1 | 307f80fa32b85ea91625eea5009e9d2964600d4a |
| SHA256 | 6c3c8dd699f084ee872a60428b8ff8a29a4a314271531686ea9b8683ef9121a8 |
| SHA512 | 1496e4cd579fa0de8ac8d849dd2b1118f6b26c74b48a8b0323b67376416b5b61cf10676a9b86539e9abc2d1beeab22c6dcf7078eac4f5398b008b0013e93767d |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | 3d50285600f52fda8e1f06ad9d2a23d2 |
| SHA1 | 51482c4fd3e8f8426ca7adb402c7d55729132c78 |
| SHA256 | b001e1333c230cb838a11877259e23fac1d8cf54500751180408d96541b3ef3f |
| SHA512 | 60b0cd909bf9cefd251af95cf0a2d276615d1158e91a8dff877a465b8b49c5b504c0d8163b6b1c86c12d327dea7bd3828471cb9e8f0e5bed8be0710f94deeb52 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 1f6a511cf3f20b52f2579f588f3a39a2 |
| SHA1 | 8d8bc11847d23be6c26ead8e51c37f5cccbc1ee0 |
| SHA256 | cc10719081e957fb8cd05a9b1974914ef919cdb42494de67eb9f5b3985226bc6 |
| SHA512 | 0587f6e02587aecb62730b3937a7027f7d33400c888d6f19223088805c4491dfa3a222dcfe202ed40f08cfd26b13a1db366b8f051232df3e0fe1dff85ef4bd1d |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 2c77e3b1a1fbe57f517a5e20a2276067 |
| SHA1 | 39b148046cd506d6e77de89363c12cf1a5dddae5 |
| SHA256 | 2743c84bf8627627d8bc12b948e13740a2370bda01accf49ae68cec93d8fbfd3 |
| SHA512 | 9656636f516894aab708cdd526e88c69cc943aae6790bd1a11dd56f78fa4e8779b4af1448dfa25da947f735cb74c59b35ed2c5fbda06df2744d8f770ae5ade2f |
memory/7144-2455-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/6120-2456-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/6148-2457-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/4688-2458-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/6348-2459-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/3096-2460-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/4900-2461-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/2948-2462-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/2268-2465-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/748-2464-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/1016-2463-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/2416-2466-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
memory/5704-2467-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 17:00
Reported
2024-05-25 17:03
Platform
win10v2004-20240426-en
Max time kernel
17s
Max time network
110s
Command Line
Signatures
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Twain_20 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Twain_20.cmd" | C:\Windows\system32\reg.exe | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Enumerates physical storage devices
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.bat"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\notepad.exe
notepad
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Twain_20.dll
| MD5 | 591700c81fbd38cf8c83092030536c14 |
| SHA1 | a122ca4b91ec2275400e10f21093c43186391c97 |
| SHA256 | 29415d32850d821d9854bfd6edabee920052e0920e6eceec187ea57b8a3c707e |
| SHA512 | ae3e1ffef5a82016f13fe728a8a3f2696ed55cdd9ea60d6e75352d55f95fe71cb09bad02945601d4661818473882cc4fae4493d9125e3803054e69c861a97758 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 72946942abf5cf295f726b816c531ebf |
| SHA1 | 8ac5ccae8003c3776c2e0ee0959a76c8bc913495 |
| SHA256 | d9fc0446467e00e640f0dd0bf36882943a6993dcc1038ba8f73239152896eb25 |
| SHA512 | 2f42b10e2c1359a690e1a69e307008e3beb4712e4c071d916fb1380c61cb2ed3ae48c86af44c6f1c9d613e85dd75d8cfd66fd01de0649444ee6d5193d9789d23 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 0c998e3681eb9f67fbacda38281c5fa7 |
| SHA1 | bd3e89780f374c54c5dfbe3fab83a926ca5803de |
| SHA256 | 3c656f47268598c5bbe3ee4661b4f8c7dc09420cf393a6e417541db3c6020205 |
| SHA512 | 11e3fd1d141bd23a2b0f17665f0f57e5a606fdd82555a7bd88cd533863ce4269d8395f8963d1cdfde93efbb0817486db48c3b593f8de35e150e2395daadb762e |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | b39df423c6e5978065a9a8ec4879a3b4 |
| SHA1 | 96441a7a7d8090f7a96a1160f539531f66568e88 |
| SHA256 | 12a5135510016abcfe1192aceb6fec42634346661d778d68be1debaa3d75e967 |
| SHA512 | 2d583fcae1ec73f836c5b66b8b1337bb4250a8230073de96d501a4fab5f522b75599ac2a1fcf1457a841d8c84bcccb88feade82f49357b28345c63d9526cfeb4 |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | cfb046d3c9513b92c1b287da26f97c28 |
| SHA1 | ea8208c4dad826b7fdb3b5b728863a95e86d4383 |
| SHA256 | a06f170d4f92bf290e38b0ce1c05bb59c95de2797b1a5253b949ad7e1be9818b |
| SHA512 | dbeeea4d284f59e1455a5426334caa02458e88833aeece9817c51be616697ca4c399b2a9d0e8e44bf4a5ee63d0b37c0aed68c01f1748fa5a23ed6d2af62b3340 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | b0c47bd5c69897e8851e3d7ba845335b |
| SHA1 | 4c49e0b605c24308b6b8b8c639e5614ebda27554 |
| SHA256 | fdc1bf6d012a31785e4e9c5a4430da3a6e04388084fc40cea3f73eae48abc4f1 |
| SHA512 | 8fd37789d5f076248eb4f26f77571c6b6f9331162200a9319f85460b67301009386636737434a53b262561a9277912a09c93f3deebb80925be44619ff8b611f2 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 888e64c554686bbbc0499057cce1af36 |
| SHA1 | 5a7f51c66e3ae7dd0e0231c9817aee8c9fc54006 |
| SHA256 | 616cf19739e00c69e9606d9c94869f6fcb6a7b3860e7b8af9bc896f3081dad0d |
| SHA512 | 9882375fdd09d489258447d49b8b63d0bc8db57cdb7186500c00c79d57f30af5f37a69e8fab70683a7c9d730e3484ef537ee57bb1892a84f92e9aba639d1d227 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 11aa52a7eca2cf8fdcd1584b5a8b6026 |
| SHA1 | 01ae6066e6b3879cb0caf306cc91077b7c0bea1e |
| SHA256 | 8dfd0a6db2df60455840dbbbcc4f8b70d730ba1c2afbf300316898b3dd3e9b11 |
| SHA512 | 07f37c050eb59e7a1a228ca851d05ca9b62bb3de97f988fb36c374c827833c8c551e5cb51eb05130861c0b35515ca77ae667ca97ee4f08c86cdf9f6fb64533c5 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | aa12991b35e027cdb835ffbf2e3f3f23 |
| SHA1 | 0fad0aff21e9fe4c8d66c373b289069644ffc901 |
| SHA256 | b7052bb579a28d62f4a97b0c42036561cc9f6ec22489fcbb8e3aab25870cac3f |
| SHA512 | 2ba6173e44216fcfeac7fd2d23bc781fb7121b7c26e9f1ecd9999ec530c4ca7a90dcafe08e3e76cb7064e2e5c3f857ab42acb703873849499ed18592254aa32a |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | da5f8d71afd8ce9598ec5e5443c459d9 |
| SHA1 | abd2267aaea39b0a9208bc7f094df5fb2754d233 |
| SHA256 | a1d679d97c8ab326b9578d18de310789709482bf270d350786e1b30895c92c80 |
| SHA512 | 1318f1471a536244523141d14c8c73b8dc52de3843eb8b8b3e9b2ae0348eb4f41c085931b8053c5fc68182f0a493d15de7bb086cc872f48203e8f9916886452b |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 4e71aaa85b945ab5dc2680ce12d8474f |
| SHA1 | a00ff196706e8282b02187281a7fa71f20c59eba |
| SHA256 | 411d8fc3a482880ec2b56a7193a4104130ca9554f1feb96db27c59a2b61303a5 |
| SHA512 | cea3cdb3eb537454ccf9773c80c111d8172dace2c79c62ffe18ac7c4373669d055fd9cc4929f9b6f4f376507a1319e37b0ba26373e40f4332d1acb025792b430 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 9405c1b285eae838c1668b989757c5c0 |
| SHA1 | 00630d4b84e3a1cf7b48d579bfd0d40503894cc5 |
| SHA256 | bbd4c13edfbcf576f6a9d61bffd41442ae08b1b0b064d3a9c10670d73cda2691 |
| SHA512 | 64516ca2a771500a29dbe26ac2637445f9007a9bd904f479d191157cd59105e809c7858c059be5734c6e4a124930c651978321a07dd0fdf945a66d7b194fed8e |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | d5980bf4b018e4c397df95afe8941c66 |
| SHA1 | ce53c669a898d09479831bc59bc31a5fba2a6f2b |
| SHA256 | 9afd004a8cb9b9e8b1eeab780fb0c4ffa39c3ec2ded034b1a7cd69db7f67872a |
| SHA512 | c995f9d3252b9a7af52a398562261baf3297fee64fade9de22895cce017e5aa097c7935a0519e474253a181e1e018348a1ade3d953bfaff5dc43e30e2d9fde5f |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 252dce6dc7d4c0b76fd154279e7769d6 |
| SHA1 | 7d1adfd7db69d08712e345c2db560c0b74b3f00a |
| SHA256 | a8183f77a5f53512bfb697c03a929091886c3ba4b085b13444c829a6aa9acd19 |
| SHA512 | 96f7e60df18e5f3eacf4597e4fa97a2ba4a19b1e9dd2981b79a2e6181673715f4b3e2d99fa6db069cacfe7140b5aafa1448907bb9c1ee9000576f2b87e6a56c9 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | fdac6c0d6442c0cfe7c0b69e80227f0a |
| SHA1 | d0d9aea2bf7a4bf1b45237e2207d37830a578d8c |
| SHA256 | b759fa635b2bbce2570feea401c7d2a9735844d204f5bcdbc88f3a3a761f3959 |
| SHA512 | 7e5dc4b0876173f05f69f523d50ad573f5dfced10a771d1b28315c2a068b6f6c39ae5edd2433223f79e7d32b9180801746c9621de02cba026f93412b83339da4 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | b2206e980c51067d6e9dd7575d842bdc |
| SHA1 | 5aa6f76eee9efd569089be7f363e30ebf0531a22 |
| SHA256 | add106f3d6e9cfd2fac3d14a74d6791a9caa257b9c7e105a9a5fc2a309337ecd |
| SHA512 | 89ab3ca635f8fdcb1206f0a1d585355a730506cc1d72ca666f1e9d650b24107368349b44ab0b3d3132442a2fc61c0c9404d00b717a61f305d9c93d5d638d9bec |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | 50e2a40bc39192080a39d3088fa7aa76 |
| SHA1 | 481807334d45196f752e8d35eb8f09dc9ff7b008 |
| SHA256 | 6cfa1ab5a6ca16d543b4026cd3e96ad70b24b76170af8f48c189c80c61bec843 |
| SHA512 | ab19fb37e801f8cc8305745b112160b269c18fd6300ba93cf1976069c04bde4b566d9c2430bc0ecfe06c3c0efafb962da0b0a17cec43ef014bfababf36d701c3 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 95cc1e097d7663506eb09a5526dddb43 |
| SHA1 | 6e3a4a7ec62920f45f935d8153507d552462969e |
| SHA256 | d2d61148bf3befe5af5c277e726f487e7bbc833a7f8783013b4b3076885e0f25 |
| SHA512 | 136608646ee72f0df3dad077ec45b5487b99c7633351b239b2c072574958896c8e2f59c67c814963acb5ff85cc6f499587e0b5163c56a95cc3dd4dd96ec3982f |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 7659392a12010d8c761cb9888f6fd5ac |
| SHA1 | b8829c26628740b77ab7405c231f420e860d8c1f |
| SHA256 | 71bd0bffdeca9dce2b4e9e1d767a0732657032171f3ad33903dec353ef95a431 |
| SHA512 | 5caf94b288649b687f411cbb5519168e09e161f8d9545a6bad1b0d08876a542d153a115f8b44e3f15d973812ce8ec7471bba7d8bd0b9a22d0abf6fdf2914a2bf |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 0e758e4075696160e66b27af14b8b5ae |
| SHA1 | 7bbcebdbac764771850bb1e32722e65afff1e40b |
| SHA256 | 5e690d98d13602812c921d20a6328acd24ceed8bf7e9c1ff550d67f5020c34d7 |
| SHA512 | afcca00d5f9a3c70e0f5eba685df432a149bc135c986d6e4dbeedf3235074f1cd17dd5087eb620636b33c5ced0412e5e2608b75da1c7f0107a3c5846a9b796cf |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 10b00ab0904b22fb5f8123420a4d4b2f |
| SHA1 | bcf1be0a002161580068341aa5ef31fa26a919c2 |
| SHA256 | bf6028e6354f6e813da36267b5b80da18df2baf9aec0945b19e2402bdf2e63a4 |
| SHA512 | b03c7e88237ec9328015a9c9feb9469e73b42dfbb34426b81e2b6599e1f907c8fa983fffb1e8dc7d6bc7a6730cad9ebc22769b599c5a59753d0ed863cfd0ef78 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | d3715d7f77349116a701484780269375 |
| SHA1 | 589c48410637ac33431569b867070a51c4de5b1c |
| SHA256 | ea0bdd86d283aba33d619aeecb5087ad9132b58e8ae7121e3c3774504abb976a |
| SHA512 | 9526a79ac4f9a18104f8e84d684136eef9b6bbccfe772d1d1030d9be02de2f7221cdee248ec748971551a42ed1d8fb1c8a9d820b837164f68376cdee1dc8ff3a |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | e69c658b8f82ee3db88da488c46d7c0d |
| SHA1 | 1a86d1814cb142a87bfd01104a9135c5b56bf70d |
| SHA256 | 612226e60551f59ccce1dfab8a9878dd3de652e9b08c88d22b6e4cdc8c3fa916 |
| SHA512 | c1f3a40c6fdc9c8d3c86ef1be5c7cd72981193f83e744296507c81b33eebf194455ad14caa995093a50707109f9b428da63be1117176c461bf7cac5d0ad643b7 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 4d6f1b0da81629f8a31411bdb8b30cf6 |
| SHA1 | 1bf9f2f3d7607fd39dc68f06b4742dce96541f56 |
| SHA256 | fba01bc71e9bf757fa27fe5f797662757b0e2b64478bff49cf5ac0027be6e648 |
| SHA512 | 4deb7ad24a5ddc7df17ba567550b96c12038b01c6930c9b01c472d2c26afae152bed81414c1aaf078c7c9962828d958b1f99d1395ca8dc42714aa68c5e5f1007 |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | 05a4d4594b598cfe885bf862787b8cde |
| SHA1 | dfb26e156e88af25bd00db0bc788b81c521a4db9 |
| SHA256 | fd8427db8c0c5ad2c7a8fc36c18f9400e25bdd7dfd1d267ec11a7a94bdbd1cab |
| SHA512 | ac1f87eabd69e1939f463c8710cdd1ba8a886ad6509d26d0fac4e09ab82056cf952b7a0cf2ecb55bb0549fdb0aff6457133eeb6b7b222df58f773f91df101136 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 482dcfe952218cf31ad2adddd8f6616b |
| SHA1 | 7a6bcfce28c76bc3319c871696531d21200f3bc0 |
| SHA256 | 093b0f0c3f7a9bf24406662245b57f171837a266aba49f198319045e971e77d5 |
| SHA512 | 440182ba5cd7c85abc11fe9097a41486469afde738d26f471efe4e7928106cd57240b1045bc97d60c42147ca25b032c4149487f1a1ab4581292c7eff2bc801b9 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | b83071f3cacdffeba806408de62c4519 |
| SHA1 | 020ea52f1337c978cbbc0d843ff7bb362c9e9380 |
| SHA256 | ba7043c3eb0ac4a518d151b539f72e56eef16d7606de22f9e649f7a206ef12e7 |
| SHA512 | cfb56580cc17b6e2beea43c54403309c79a9411a9eaa261236b2bd3c8803879546eb74559f37c65a87b402b6396709092ce32e2a2e8ad6b3fa8e79d5de55a90e |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 7bcaa483467edc4e4f283f5528647c61 |
| SHA1 | 0f6affe61b92efdddafaa92002bff8c5d2751197 |
| SHA256 | b55e8ffcd54b336b876d49ba9192521c553bcc5514f29d22d3133ecdb8ffc695 |
| SHA512 | 3562ef230f60562dc6fdd79ab47a9bfcfc7181fee9e7cb9656f76c687478c44b92173d0d4ec943f167dd992277311dd607bcc230e6aa85b5f28b25a9ab884c69 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | cae42c54c92c592185c8364a65ac7e92 |
| SHA1 | 3a339a5c32ed7bc83fd52d93ac157c94d830dc8e |
| SHA256 | 06b0e403039e28de0158f0fc534b8e8a6c36bcbd8ae4f8f1d6275c958f2d9bbe |
| SHA512 | 7e80c1b9d63bcb4e5832e303434ba5f3114e41d543d0c1d01580f6566aca99e1ee71cfc9f299c73f425a6e5707c6fbe615f0475bc722eceeb0dd14964472f0f9 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | f0789dad6dd21616daec151cb529af6e |
| SHA1 | 41034a68b0ab74108fa359c25562d18c3d7cca96 |
| SHA256 | ef39294615687247f79b77b031a52d4d596c17bb58d582d9275de7f351a4d51b |
| SHA512 | f7f5e66bff0ef5a20619667edfe276c2e978588bb9139c0966db37a1a09875234b2481593ac1a0729660c21748ece25ff580bb144e68bd5a1dbf4fd9c0026068 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | c3e7657a6ea302545eff20eb74520976 |
| SHA1 | 7f50db974904777fa080d7f0ddaa76488c625af9 |
| SHA256 | a3dc7c253c039f3b2645a51586629e03bfdd0cd013ff22e30c2700fe05088f57 |
| SHA512 | e6523908cfabc7493f4e6f58d5a98e255b9485d8fb89c28e275bc849476a7205af697854e7dceee19cac93ff02088977c07f888186baab7ce6e30a508316f4cb |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 106f7f18207d25388dcc6f32a317a07d |
| SHA1 | fde124f05f9f62a7e1b349422b9bb73108e13670 |
| SHA256 | e839964ce1f9c20fa55af1a7673a8563f081f40e79beaab3d09a8ccd5b45ad93 |
| SHA512 | 91f4a33a8137b655318265ff416c84f81920634336dcd322aafb0ced20d55a74e10db09e9acdbaa0d3f96f4d8ac3499dd00eac90ff90cd8df92f831a28c50aac |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | ecbe9cbce93ed568fc54e588f8316c1e |
| SHA1 | 7452f09b46889b71aa1653018f1663fbfaa3831e |
| SHA256 | 7ccd9bd1c7c21457402eebc0d08e55661f5c6c47d1d494f806f6275605ec9d8e |
| SHA512 | 6725253667ec7facd57622157b02826d88b5ab5b456175b13233f6067391a62fcc6c0814d0788183188635786917724afc5b6d7e1290fb2c02d3249d916d89ea |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | 73d331e7c70ed2bef0e739b2c79f0a7b |
| SHA1 | 232af02a0977af0a67f27805e3182268673e8915 |
| SHA256 | 7fdb0cd383ba22b47dd1d92d2c8935d62cf0a0b5cd90f195ced06229212be683 |
| SHA512 | b0567e5fe798021acef2f157d0ba1e9e89f80bb3d0615f5b727cf6dfa5acbdfa55d3f5322114720d0f16bafffc8946525c88fd921022cb751c9b2d489135a9cd |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | ef155ce5b7665bf2ec88bba8e1f4eb2a |
| SHA1 | 641664ad45d18a5e9647966f262dd0ab1703ec04 |
| SHA256 | 8b6d777e1188347d158bf34cbaa533827bc087783aa77eec476bc317469ee228 |
| SHA512 | e2a3b0ec8407bfa4e995f4a086244912b1671abdc1686d6beb2ed0710641f67720c2cbd892ecf4526c5062c14aea414bbdcfa10142ffebbb0417db1e0f118519 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 089381a847f01ba0962ae00f0d92d5e8 |
| SHA1 | 9f3240f89871639778a318e0cadccafcf9d7c55e |
| SHA256 | 2cda289b5067c9daf8b4dffdf323b2fe9d0a47bfdbb91b4a017029bc74729c05 |
| SHA512 | 89fbf1b423f17101970290b070d740b8d58beecc6723e64edb7ae23b9285afe3a612b8e8f5ec202d60aca3875a28dbc556a43af9fe4113ac0bdba1fa83c5213a |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | 9905e5a33c6edd8eb5f59780afbf74de |
| SHA1 | 64b2cd0186ff6fe05072ee88e2bb54476023772e |
| SHA256 | c134b2f85415ba5cfce3e3fe4745688335745a9bb22152ac8f5c77f190d8aee3 |
| SHA512 | e10711d0fb09db27192e9af05ae45b83cf3882d98e904a7f1f969cf24c2f9626f70f35d76f57477fe9c64a58bc74100410740e9d506d4e72d3e2900d6277816e |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | b20421aba6b1738af56e402aed7b5fca |
| SHA1 | 7b9e8f147c25a383e775cf4ce66fec5f050f8187 |
| SHA256 | 2b11af7c3e34fcb9851881ecb06ee601696a6e29b3d3f283f79b118bdba35ecd |
| SHA512 | 32eb6ae6c4009d43422f6abad7cd88f21b3efbd85c4a8c1fa45675f59f5c7a1d0839c6f73131522de5c0f5f1cec2dc9b4e2b00dbe68e060390cc5b6174ef9683 |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 962dea703d481118192c03a9744b9ae0 |
| SHA1 | 6c3a9e3c31368e1595bc67c8d7399d21572081a7 |
| SHA256 | caa95d3c24fa22242a86d707f665551cabd6e17c2ec15904556746dd15f368cf |
| SHA512 | a447bc1e65582f388b6ab1c96436ebc0407b55847362e18e7788b5aa64aea1f099eaaf118e9541ce1d2f13ee6cbc11d418ece81901128839b22635cf22e1fb8c |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | fb459bef802f013994a9be982e0e6512 |
| SHA1 | aa6f9d8aa4e72ef0bca047e0d3eb5791f5dccfc5 |
| SHA256 | 87ca1668d6b92291e7c4631d422feacdb06654798707145bf9ff109c982dde8c |
| SHA512 | 2bcce6dba987df8371eb95fd5af5fcc46059373078789ce044ac87e54832ee7dff2a3346c9fba91c11d9dcc899702c46c33f0b9d9c26335e34ce23a986bea0fa |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 0ba362eaaaee823cb501c677abde95ee |
| SHA1 | 62c0a0cf58c5a370cb4c11df29c09bca39b2acc1 |
| SHA256 | 9e9d334fda37730b83f843e491546b1120d154f5bf7ef1b9a91f9b19552f2dfe |
| SHA512 | 53f4b154dd0fb310f42fe1a42b05faa83d0a259afff6c6c234a5a81c65b0b69e8bf2d70bbce6b4ddda4be0ad99fd4a33e306e0923459dc10f2821d2f26be79c8 |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 2d8ffb6d8a7cc371cdb1b0d5d4b242ac |
| SHA1 | 4788049d795bd4cf51a67ab8db1d14226d94ba46 |
| SHA256 | 19dd4cf9090c08beef03b7bb0951f876f94f41eb04f92aa45f70abd9b7fbb741 |
| SHA512 | a63d5af5e21c65311cd708d02fd659c606b4839c23deb60edefbd409077b81f5f8007ec93cc5501a898a10d2aab908ed247b84f9d43574b8788a684d12479a5d |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 2de552fef2f08103f893d46e24d1a427 |
| SHA1 | c820d3455d46ad2a2cf508ba3443707e51e313a8 |
| SHA256 | 4f53d5a5b6ee0c4a7e3f4f76309eb63b53e208b07491705d1970e40570e7f0c2 |
| SHA512 | a63835d1ec26b87101d9cf2b5f9a7c16ef37315838d8cb101bb44dc221b4445e13e7f82de872fae7e4477250bf21fa53fd97a64f1a2a03b76f8cb868a0c40d74 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | abf632fd4fdbdeadc37ff9425039f11b |
| SHA1 | 2f406bfb0d48d46fbc286ee6e6ef64cbd8b72357 |
| SHA256 | 715e13f56237d018b6fde9c066b9873b8ea8075ab5e23ddd0ba716855e4b66c3 |
| SHA512 | 291c047a76d5001199aa40a9b0c68d410444afe5ec20cb48503381341fdfab938630b705f89359753cda813045ae235db3c836dc1b1d350d6aa225cc40652a0c |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | b3e478e87845f029b41a1503dd06bc7d |
| SHA1 | bc89669ddcd86ed71c6defae739b323cfdc55239 |
| SHA256 | 205f179de4b913800b2f16e35f251ef2d40ed220477f451301e51516898f3c5a |
| SHA512 | ae693463bb9030e5eecf2ba521e2ebad1a630077a2b103fd6d3538fd4d9d7ea15b5d58242d81d359dbcc792ab8ab4bd7e331e1af8671d7f44b740d8d24e412cb |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 076d4a76e676c4ed2a805051f2f9baec |
| SHA1 | cbaacb77611a84fb25cc228d522e8c0d6135bdc8 |
| SHA256 | 6b0cc4deb58f680dad71192b6baa27791d21a0ff4ac96bce9bfcf7533d39dfe2 |
| SHA512 | 08e47a0ab99d965918ae7d52f284a365262ee110e3d45c295b159454a975718bc498663a15cb4b23442bba022f563918ca6208ada89e0ae101220111ddae5d5c |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 99f2e933bb524dd11c9fe339f18aafa9 |
| SHA1 | ec98eb22a21349a4c140da23a306476e02a731ad |
| SHA256 | d57568cf1481d4a2fee893ee83afc1b7a7ea3ed2d59f09a090bd07e63a285a8a |
| SHA512 | 2b13a6275733e16af098141f86463614f8697e01272e4a2d71237be3112ece31fce496ede441f5dc20a30bdd87a50a65e6f00675664bec68f521004cc50d5ddd |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 88a2fcd93445c8b092324fe1236d31dc |
| SHA1 | f63653fe34d54b7e42e29689a934ed097329128d |
| SHA256 | 0783070444c465de8a21f7fc41f61d2bd535e995454e4086b2e01780e96ad419 |
| SHA512 | 3e44cce194b1cc3d6946d33dee6756f0333edc886f9ebe8149887c2e9b35867575ed47f15b2c384ed37aab3b8e37dae3369e1259d132bdf9bb832c70c09e8085 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 829d87c15a31b966693bdc2fef06f34e |
| SHA1 | 07138608d43a345234ced410b779374158d0d6d9 |
| SHA256 | 6611d043792d63f162e33d6f4681d132d993f287c3e21e91bd64e53d495ee52b |
| SHA512 | 1deab6e3de1581c092f3daf884bf1416f4604f08c6dc32eb1ed29c3a2f7880ff36333dd0fb1260777ee10d055935e4c0d1826271fdf12a1fa05fabf20f57e162 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 749e755b90ddef3d32441b7ba7eeaaed |
| SHA1 | 02add9bd6966c356b8ce92cdd49ad7ef04025d67 |
| SHA256 | c8006d24cd7b5f941b72e2cd4ceae206a267c2e5dd391e69515f01149d9f3cd3 |
| SHA512 | 07c757e91ecd8432662071a6d1c0108262436159b4b549b7c698f2820d8eddea82c88883bb0f9c318ec4d71438f71772bdb7b44b9267101d7ac45d7321d52950 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 942406172179b9d3b64cbfcf8285b7b7 |
| SHA1 | 34e6ece5008d83f4669403dea616a99e10978d44 |
| SHA256 | 88fe85a2a6fd64811dbe501f89fad74f111f0cbc1b9409e574610832cce79fc9 |
| SHA512 | 9b7411c5046ddf085e02df144a8b77bdd6ffe4f774e0a23cfa48a29fe6529516ad5965b4a42f82e51092dd8df00b7f022f1d6217baebedf0b34313779da5f75a |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 7eefcb910984a098a38fd4a6cc75f3fe |
| SHA1 | 8ed6e66c638c76b9f379d4024a14054c41d0373c |
| SHA256 | 9379910952b7c1caf06c9fe1b924e29034bb5d2a1451df5642b422b6d7901f04 |
| SHA512 | c1a15f7ad23ab3ccd806a1f9a9effa5c2146a0f7af9eca1e138093ac4931cc13270fdebeb125e746bca5a83a11c90c7b3421196dd95c680877aac2fc42567c28 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | afe4f84836fd4a1df2ad87d7e15ab2bb |
| SHA1 | 368ec7a9c62ca544674805dcac5517ba69d08d06 |
| SHA256 | 4412bf7683d74258b350d5efa78de8bdce73eafaa3c9417da6b22f71ff9573fc |
| SHA512 | a7c9e44e93e3643ca8807ef28c25f80fd28b8848c0fdfe6dbb3e8987887e29eaa8e3f4ac749144feedf616e7a32b4696a9f1c8e22d6c02ae8c4cc6e7b474818d |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | e122af4a2f2b2a0f9b835ccd537f8a55 |
| SHA1 | fedafa041006a6902750937681e6835fd37a5147 |
| SHA256 | f8cce09107b231110d891470f532311f6f4459a930e0582ffa52dfa5e1b570da |
| SHA512 | f9b644da31107858a5c87568d945c17c3e2c6636a7daa754efadb5554dbff6779d2ba71a028abeae08ba36d222111a330ef2588606427ff67b5f2e2c53b41421 |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | ea260c435f9eb83e2b5041e734ff3598 |
| SHA1 | ca70d64367cbdffbbf24e82baff4048119203a2e |
| SHA256 | 3ade659fdae17c11c3f42b712f94045691fbd0b413428b73e1de8fe699e74615 |
| SHA512 | 548624cc523aeb4136376f792d23b3f2aee4a676362f8a0dd0e8161f0df87ab926b82f67fc174eb5d9473c23f49e6ca962bc84479967f7e624250d94efa66876 |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | fe669e0a3a56961fba38ef9b7f7d01dd |
| SHA1 | 338b6f4a3ec71587d53aec450ca5448928f966a1 |
| SHA256 | 138b48a413afa60daa506090fa4332d913a1f9d895b6c289c36dd7db00019d64 |
| SHA512 | ff0bc50cef59421253578172602a56f9f9b3a8988a16576eaf8a004792d330c708dbed95f5f4074fb2eec36d7df7f4a0392c88420d2b0678cd907056a23cd41b |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | ad0010095a82da61b486dbe70cd90767 |
| SHA1 | 67d5a65f8cee8409dfcec2da99d290a2730cd662 |
| SHA256 | 28d651bd0e01d8ee66b46b064b05841cf33e44f3c55ee8b0612f5a812bf0de43 |
| SHA512 | 93a5f5c2f71a00ce760f1efe89280e259b3f75f1d04e3a1708d683c0b9a619fb5ac577e0d9f59c3b767c3b45323e3af9450362624526705766bf77a94b4aa827 |