Analysis Overview
SHA256
6ca11c8b6442db97c02f3b0f73db61f58c96d52e8a880e33abee5b10807d993f
Threat Level: Likely malicious
The file ADZP 20 Complex.exe was found to be: Likely malicious.
Malicious Activity Summary
Modifies Windows Firewall
Possible privilege escalation attempt
Reads user/profile data of web browsers
Checks computer location settings
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops autorun.inf file
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies data under HKEY_USERS
Gathers network information
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: LoadsDriver
Views/modifies file attributes
Suspicious behavior: CmdExeWriteProcessMemorySpam
Kills process with taskkill
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-26 18:38
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 18:38
Reported
2024-05-26 18:52
Platform
win7-20240215-en
Max time kernel
91s
Max time network
859s
Command Line
Signatures
Modifies Windows Firewall
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Reads user/profile data of web browsers
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\SysWOW64\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Twain_20.dll | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\SysWOW64\Twain_20.dll | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Twain_20.dll | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DISPLA~4.TXT | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DISPLA~1.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DISPLA~3.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\helpmap.txt | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DISPLA~1.TXT | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DISPLA~2.TXT | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DIA6FD~1.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT | C:\Windows\system32\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\format.com |
Gathers network information
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1036.tmp\1037.tmp\1038.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1381.tmp\1382.tmp\1383.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\SysWOW64\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1729.tmp\172A.tmp\172B.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\17E4.tmp\17E5.tmp\17E6.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9587907971111260631-851033753-352530499-895022420-634248180608141378712059405"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2F79.tmp\2F7A.tmp\2F7B.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\32C4.tmp\32C5.tmp\32C6.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\338E.tmp\338F.tmp\3390.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6BFC.tmp\6BFD.tmp\6BFE.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6CD7.tmp\6CD8.tmp\6CD9.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\7002.tmp\7003.tmp\7004.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8C67.tmp\8C78.tmp\8C79.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8CC5.tmp\8CC6.tmp\8CC7.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8F25.tmp\8F26.tmp\8F27.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\SysWOW64\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1729067280125784518332926394615522280391771462773-1137740461-198823289191960747"
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\calc.exe
calc
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Program Files"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib -r -a -s -h "C:\Program Files"
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\icacls.exe
icacls "C:\Program Files"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\attrib.exe
attrib -r -a -s -h "C:\Program Files"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\SysWOW64\format.com
format /y /q A:
C:\Windows\system32\calc.exe
calc
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\calc.exe
calc
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\format.com
format /y /q B:
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1937748822-592140927-2117001497918371126-104482693-50366738-129198995-2102824034"
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\format.com
format /y /q A:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\format.com
format /y /q D:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\format.com
format /y /q B:
C:\Windows\SysWOW64\format.com
format /y /q E:
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\format.com
format /y /q D:
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\SysWOW64\format.com
format /y /q F:
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\format.com
format /y /q E:
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\icacls.exe
icacls "C:\Program Files"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\format.com
format /y /q G:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h "C:\Program Files"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\format.com
format /y /q F:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\format.com
format /y /q H:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\format.com
format /y /q I:
C:\Windows\system32\format.com
format /y /q G:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\63A3.tmp\63A4.tmp\63A5.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6BED.tmp\6BEE.tmp\6BEF.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\format.com
format /y /q J:
C:\Windows\system32\format.com
format /y /q H:
C:\Windows\system32\format.com
format /y /q A:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\7272.tmp\7273.tmp\7274.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\82F5.tmp\82F6.tmp\82F7.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\system32\format.com
format /y /q I:
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\format.com
format /y /q B:
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\88B0.tmp\88B1.tmp\88B2.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\899A.tmp\899B.tmp\899C.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\format.com
format /y /q J:
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\format.com
format /y /q D:
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\calc.exe
calc
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\SysWOW64\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C1AA.tmp\C1AB.tmp\C1AC.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\format.com
format /y /q E:
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\D00C.tmp\D00D.tmp\D00E.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\D7B9.tmp\D7BA.tmp\D7BB.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\format.com
format /y /q F:
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\DD93.tmp\DD94.tmp\DD95.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\EB87.tmp\EB88.tmp\EB89.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\SysWOW64\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\F0F4.tmp\F0F5.tmp\F0F6.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\FF36.tmp\FF37.tmp\FF38.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\56D.tmp\56E.tmp\56F.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\5BB.tmp\5BC.tmp\5BD.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\format.com
format /y /q G:
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1600.tmp\1601.tmp\1602.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1FC0.tmp\1FC1.tmp\1FC2.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2E8F.tmp\2E90.tmp\2E91.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\format.com
format /y /q K:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\format.com
format /y /q H:
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3E96.tmp\3E97.tmp\3E98.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "46698595549721866-2022478823-814324502-8855098-1284034353-3330239521163485836"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\479B.tmp\479C.tmp\479D.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\format.com
format /y /q L:
C:\Windows\system32\format.com
format /y /q I:
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\5300.tmp\5301.tmp\5302.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\format.com
format /y /q M:
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\format.com
format /y /q J:
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6087.tmp\6088.tmp\6089.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\61FE.tmp\61FF.tmp\6200.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\SysWOW64\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\SysWOW64\format.com
format /y /q N:
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8585.tmp\8586.tmp\8587.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\format.com
format /y /q K:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\88DF.tmp\88E0.tmp\88E1.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\notepad.exe
notepad
C:\Windows\SysWOW64\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8E7A.tmp\8E8A.tmp\8E8B.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\calc.exe
calc
C:\Windows\SysWOW64\format.com
format /y /q Ñ:
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\935A.tmp\935B.tmp\935C.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\95CA.tmp\95CB.tmp\95CC.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\96F2.tmp\96F3.tmp\96F4.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\calc.exe
calc
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\99B0.tmp\99B1.tmp\99B2.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\9C20.tmp\9C21.tmp\9C22.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\format.com
format /y /q L:
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\9FB9.tmp\9FBA.tmp\9FBB.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\A219.tmp\A21A.tmp\A21B.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\A351.tmp\A352.tmp\A353.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\A64D.tmp\A64E.tmp\A64F.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 16088 -s 172
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\ABF8.tmp\ABF9.tmp\ABFA.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\AC17.tmp\AC28.tmp\AC29.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C820.tmp\C830.tmp\C831.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\CF50.tmp\CF51.tmp\CF52.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\format.com
format /y /q M:
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\calc.exe
calc
C:\Windows\SysWOW64\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\SysWOW64\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\SysWOW64\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\format.com
format /y /q N:
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
Network
Files
C:\Users\Admin\AppData\Local\Temp\1036.tmp\1037.tmp\1038.bat
C:\Windows\System32\Twain_20.dll
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | ad0010095a82da61b486dbe70cd90767 |
| SHA1 | 67d5a65f8cee8409dfcec2da99d290a2730cd662 |
| SHA256 | 28d651bd0e01d8ee66b46b064b05841cf33e44f3c55ee8b0612f5a812bf0de43 |
| SHA512 | 93a5f5c2f71a00ce760f1efe89280e259b3f75f1d04e3a1708d683c0b9a619fb5ac577e0d9f59c3b767c3b45323e3af9450362624526705766bf77a94b4aa827 |
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | c7f2bc79dba9b078638f4692947066b0 |
| SHA1 | a42bea02d22367788cb2dc77f68ea754c244a50c |
| SHA256 | 7be75820d337a48c320e260fb71f40a5a0cbfa5c8c225bec5ff23c1cc15566f7 |
| SHA512 | 33f2a1c3708d4b3b353122105931ddb34dc4be146ffa73b24dee1eaaeb60f0eed2c3bbf4ad84d648f6408c8b9e0cbbbc421864514c1e057b0cea2c12b2c5d296 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | d5980bf4b018e4c397df95afe8941c66 |
| SHA1 | ce53c669a898d09479831bc59bc31a5fba2a6f2b |
| SHA256 | 9afd004a8cb9b9e8b1eeab780fb0c4ffa39c3ec2ded034b1a7cd69db7f67872a |
| SHA512 | c995f9d3252b9a7af52a398562261baf3297fee64fade9de22895cce017e5aa097c7935a0519e474253a181e1e018348a1ade3d953bfaff5dc43e30e2d9fde5f |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 482dcfe952218cf31ad2adddd8f6616b |
| SHA1 | 7a6bcfce28c76bc3319c871696531d21200f3bc0 |
| SHA256 | 093b0f0c3f7a9bf24406662245b57f171837a266aba49f198319045e971e77d5 |
| SHA512 | 440182ba5cd7c85abc11fe9097a41486469afde738d26f471efe4e7928106cd57240b1045bc97d60c42147ca25b032c4149487f1a1ab4581292c7eff2bc801b9 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 089381a847f01ba0962ae00f0d92d5e8 |
| SHA1 | 9f3240f89871639778a318e0cadccafcf9d7c55e |
| SHA256 | 2cda289b5067c9daf8b4dffdf323b2fe9d0a47bfdbb91b4a017029bc74729c05 |
| SHA512 | 89fbf1b423f17101970290b070d740b8d58beecc6723e64edb7ae23b9285afe3a612b8e8f5ec202d60aca3875a28dbc556a43af9fe4113ac0bdba1fa83c5213a |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | 05a4d4594b598cfe885bf862787b8cde |
| SHA1 | dfb26e156e88af25bd00db0bc788b81c521a4db9 |
| SHA256 | fd8427db8c0c5ad2c7a8fc36c18f9400e25bdd7dfd1d267ec11a7a94bdbd1cab |
| SHA512 | ac1f87eabd69e1939f463c8710cdd1ba8a886ad6509d26d0fac4e09ab82056cf952b7a0cf2ecb55bb0549fdb0aff6457133eeb6b7b222df58f773f91df101136 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | f8ee3c3d9422000b1507c8fd11306f1b |
| SHA1 | 2cd840fbe720e8511357d4c2cbde37a5034ae6e8 |
| SHA256 | 0b262af01a3b2a55fdd57c958c2c387b28842aa95bae76186316666a6661052f |
| SHA512 | 9d80719a985a7bc53c4c2e4c42a213c21b81d47e41f98f3a0d1c3ac8070672811cb2380ca1a6222badd5e50a8803ac96935fa67fea72e4e5c02531cfb5602a6d |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 03f0ef4961ee3f5ebc91e222ad5c3a55 |
| SHA1 | 130947f0716f672e1c0577f60471dfbd9d1f3435 |
| SHA256 | b2cf1c83480bb2e69599e063be75ef8188b20c82a03998098d13d42c11502d21 |
| SHA512 | 641784c8422a15360449ae9d79722e4d6d5752ef8db0a6cd8e1d71e78c5994dc9e790f5e875a7314be603feb42badc587bf79e8f682aa94b2335443ea8592671 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | befe91afd78abb4d0e8a58c6c0e5aaf7 |
| SHA1 | bcf76118a189eb8e3f2cf51019801a040e730c03 |
| SHA256 | 42501492cafb8ef4bdbbe53c58e7990a05df2474363316ac912b8835adad91b4 |
| SHA512 | af17581a55b569446415ee2205671b474984c8c2b9f05d63d8f0d3b82439234d6e664ee9542a0ec3976f25c7833141e3f3d800b3da4ca6a0e9219717eb9942ca |
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | ea260c435f9eb83e2b5041e734ff3598 |
| SHA1 | ca70d64367cbdffbbf24e82baff4048119203a2e |
| SHA256 | 3ade659fdae17c11c3f42b712f94045691fbd0b413428b73e1de8fe699e74615 |
| SHA512 | 548624cc523aeb4136376f792d23b3f2aee4a676362f8a0dd0e8161f0df87ab926b82f67fc174eb5d9473c23f49e6ca962bc84479967f7e624250d94efa66876 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 844ce5661f80c476124a170d06f58b1f |
| SHA1 | 1f3c82b60108b0e8681aa4a096c43a2a9b9ac492 |
| SHA256 | ebc788a61138f8aa24d042feaf1f3d82b1ad9ba1265b43857dc36e081bb9d070 |
| SHA512 | cc667b0d981c52b1e16d8179076e1097cc9ea47a20af14589a004a3f1280a5246c62eaff97f5bffc4681e0499d8e5ac3620f99dbbd5aec819df505835bf98305 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 6989502044e4a9fca67e9ded25de9956 |
| SHA1 | 9a8d099caad939d32599530b27f7db641cbdb8da |
| SHA256 | b370b54e95376f4b6df27592bc23343c82ebbfad3d52e71a38a2aac504bda04c |
| SHA512 | 9f0e6d59d9adc531f5c162b964205e0dd63c6a956291af48d24e6b8988a940b6f2cc7644a9163277e6383a6d9f8ddb00c9687d73426ea776c691e73f66e95a5e |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | 7659392a12010d8c761cb9888f6fd5ac |
| SHA1 | b8829c26628740b77ab7405c231f420e860d8c1f |
| SHA256 | 71bd0bffdeca9dce2b4e9e1d767a0732657032171f3ad33903dec353ef95a431 |
| SHA512 | 5caf94b288649b687f411cbb5519168e09e161f8d9545a6bad1b0d08876a542d153a115f8b44e3f15d973812ce8ec7471bba7d8bd0b9a22d0abf6fdf2914a2bf |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | b20421aba6b1738af56e402aed7b5fca |
| SHA1 | 7b9e8f147c25a383e775cf4ce66fec5f050f8187 |
| SHA256 | 2b11af7c3e34fcb9851881ecb06ee601696a6e29b3d3f283f79b118bdba35ecd |
| SHA512 | 32eb6ae6c4009d43422f6abad7cd88f21b3efbd85c4a8c1fa45675f59f5c7a1d0839c6f73131522de5c0f5f1cec2dc9b4e2b00dbe68e060390cc5b6174ef9683 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | 88a2fcd93445c8b092324fe1236d31dc |
| SHA1 | f63653fe34d54b7e42e29689a934ed097329128d |
| SHA256 | 0783070444c465de8a21f7fc41f61d2bd535e995454e4086b2e01780e96ad419 |
| SHA512 | 3e44cce194b1cc3d6946d33dee6756f0333edc886f9ebe8149887c2e9b35867575ed47f15b2c384ed37aab3b8e37dae3369e1259d132bdf9bb832c70c09e8085 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | baa511e0932e6c0781dd1488615d17a6 |
| SHA1 | e3218aefe8c272ade02eb6cc5188df6d50b04de0 |
| SHA256 | 20fa853d5be5b8f30eeb6ae3e24558a2091d80102944ab26b9861df5cea6c6fa |
| SHA512 | 24be7fabda63dd82dfb5307e2ae0dc7176bf59c0918f1316bddb7515e0695b10cd6e24420af4afcda3d5f1b01e3d540a2d75a629f40c381da05eb3c28ff4697e |
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
| MD5 | 3fdd19fb2a886abcccbbb2d3253b43ea |
| SHA1 | 56f40cec4c6287084f3fe5147a929e9c6d81ab41 |
| SHA256 | 005939c96c791e50f2aa446ad812e3bfeae8297fee51c7f6e543d1d6571882a3 |
| SHA512 | cdc92751c460ef659637ff239479503f13c701bddb704799e173e6b2e9ad90fd551b5cbf2dd060ecadc0f9f450e2c49656a74a9a36f7d82b919d92dca234e467 |
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
| MD5 | 1f80af1e52943eb8ab3fb88030288e93 |
| SHA1 | 63f66fa76fa9c2c8daeb15f93ad354229c133e87 |
| SHA256 | 2b80e3f899d97ab0ed5db959a3853a12c73a4a0eac192b7b7196a8bebccab0eb |
| SHA512 | 1aab31f422a3da73f523dfe0cf1470b58fed12d36ae999bbb7f37e3eb384d6cf92c73c54889aa77d82bc14e4d9b90eb9eadb3cf47ad5024b2872302b9bd0c291 |
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | 5dfd819273a34eeb1a213e66dd8308a7 |
| SHA1 | 65291936bcbe05742a6bc15d989d5e3acff59998 |
| SHA256 | 7699fff0e361a55cce19ca7922fae4f70eb6ca56b770223fab5d1fd936b0a184 |
| SHA512 | d19cf3e05df7d5d1f360d20a47e2658d03067cffce1b767bf2e430ebba5f49bcdb37e9c098c195c919682bf90b5a54c508dad587bff3f4c1c73ac6065b019913 |
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
| MD5 | adad2cd23a8880d4b3bdb1481c5b7998 |
| SHA1 | 823fc1acc3e7a3f0cffab5cb8fa453a8c0d1872c |
| SHA256 | 838ba55eb15df2e0145178a20b4d01314d0fcde04ff871649012eaeba6bbfb69 |
| SHA512 | 8c600e32157daef85549d0a19a40f38e812e05cbf24e51453fa1ea94435e55fe4a705e77d42a4f63f3c565da98b4e69f1ed7bb6f3dbca65e80b17526954e60e4 |
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 873781e160d6c7a2c7100536f95e373a |
| SHA1 | 439389553b0f4b61327c0160a92e4c8ddca8f84d |
| SHA256 | e244905c9acc529b7d7dbd58453f44dbd3f3d627bba23adcf375afde9b6b2a35 |
| SHA512 | 1116b365d1e44dbad9fcdf462bb3467dbe3ab8b40a01c7dc6d516b24d2b1260c405cbda80f7a1177f89412a2db726a68e6ae2ceee839c117061ecbb75a06a4aa |
memory/4072-1743-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/3684-1744-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/3676-1777-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
| MD5 | fe669e0a3a56961fba38ef9b7f7d01dd |
| SHA1 | 338b6f4a3ec71587d53aec450ca5448928f966a1 |
| SHA256 | 138b48a413afa60daa506090fa4332d913a1f9d895b6c289c36dd7db00019d64 |
| SHA512 | ff0bc50cef59421253578172602a56f9f9b3a8988a16576eaf8a004792d330c708dbed95f5f4074fb2eec36d7df7f4a0392c88420d2b0678cd907056a23cd41b |
memory/4196-1953-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/4312-1957-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/4452-1958-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
| MD5 | b6957bf19cc51a25a9500aad7d3cee2d |
| SHA1 | d03db03ae31f0fdc799538ca51307bb3dc914873 |
| SHA256 | 62bde1ceb28b3ca2701a708724e6e9b94adfafaba6066bc67d6117d38f64c733 |
| SHA512 | 13f9f5e553f93b8d0f9d2707c904fe5837597e257e92625c0004e43ea8477ca927d4aaee3db767766d1c5b301b4ef8051ed886fc74d599b0aa852f741dad98a9 |
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
| MD5 | d74985a2cf4cd980ed6c1db6158b63f9 |
| SHA1 | 3799d3e45bd1bd9dfe6b9524c7c8152f5cba4387 |
| SHA256 | 647890a17896b5ddfe8f8e8581e94ef1ad51e8e6307e3b9750962f46b11c9042 |
| SHA512 | 72afc24fd1e7a8d230aa68c72a9df576b1596e663868d2f6addb74ecc11a025d59d6412b4829beef846e86a99dfe9a5237bf49847416771e41494c7f58271366 |
memory/2712-2709-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/2808-2710-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/380-2708-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/4072-2909-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/3684-2916-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/3676-2920-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/4196-2987-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/4312-2991-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/4452-2992-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/7880-3154-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/7320-3155-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/7628-3156-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/8208-3157-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/8500-3158-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/8692-3159-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/8984-3200-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/8420-3207-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9460-3208-0x00000000FF730000-0x00000000FF765000-memory.dmp
memory/1080-3209-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/5212-3230-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/1480-3271-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9460-3272-0x00000000FF730000-0x00000000FF765000-memory.dmp
memory/8896-3276-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/6512-3277-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/6716-3284-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/6804-3285-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9244-3286-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9452-3327-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9604-3368-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9668-3389-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9760-3390-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/10200-3403-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9448-3407-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9812-3488-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/10376-3667-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/10840-3677-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/11108-3685-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/7880-3690-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/7320-3712-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/11256-3755-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/10436-3786-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/7628-3830-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/8208-3882-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/10660-3883-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/8500-3888-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
| MD5 | 860e30812b58e6c1232adf06bd90b103 |
| SHA1 | f890c3657fa6b6e27b5dc7334291c3c525483d43 |
| SHA256 | 18943050583976fd7746bb896bf2101c2cbfdecf9e40eb9c2a45892e442797e3 |
| SHA512 | 81602b4fa3107da0d35b5a2259dfb1724771a94b3b3510a6f0e32f701d51a2712f7eaa8fe296c99d411401298e90ee19dcf3c872afda6cb626edcfa63f6db391 |
memory/8692-3938-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | c2ad111a08afc24b3b049268249f7684 |
| SHA1 | c8bb29425d2a9f2ab18e788eebcbba6ea8e72c4a |
| SHA256 | 5b27e40b2fdfcd2d7a72531ecbd822a673dfdad55b2f9b4f8238ed96c083ca18 |
| SHA512 | a6ccc4d657436925529995efbbde77127b17f887b06a3d207963bb4291e60b739719882d2a3d72fe3000d2c2b452591337932cc44929e77a9005018d98f5c97d |
memory/8984-4093-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/8420-4147-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/1080-4154-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/5212-4191-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/1480-4247-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/8896-4354-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/6512-4355-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/6716-4433-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/6804-4490-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9244-4495-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9360-4541-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
| MD5 | 86eb4d9f9b800900dfa098955515861a |
| SHA1 | 58ad24e85652d6853ec7ccf772e24675853cb2ec |
| SHA256 | 517d3983cd24a89846e804163401c929dc56704c15ef852ee8f38e40f40ca9c9 |
| SHA512 | 5711eb08f823b0e36b5203feb6c0806f3051d821d6f1820bc67c8ff311150236d48a8a401cb3682029dbdf222d55d8b32fbb1d11c05275b7948a4fffad945102 |
memory/9452-4544-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9604-4549-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9668-4583-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
memory/9760-4627-0x000007FEF78F0000-0x000007FEF793C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 18:38
Reported
2024-05-26 18:53
Platform
win10v2004-20240426-en
Max time kernel
888s
Max time network
461s
Command Line
Signatures
Modifies Windows Firewall
Possible privilege escalation attempt
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
Modifies file permissions
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Twain_20 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Twain_20.cmd" | C:\Windows\system32\reg.exe | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\Autorun.inf | C:\Windows\SysWOW64\cmd.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\Twain_20.dll | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Twain_20.dll | C:\Windows\SysWOW64\cmd.exe | N/A |
| File created | C:\Windows\SysWOW64\Twain_20.dll | C:\Windows\SysWOW64\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\dwm.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\dwm.exe | N/A |
Gathers network information
Kills process with taskkill
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | C:\Windows\system32\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\dwm.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\dwm.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\dwm.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\dwm.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Processes
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\34CB.tmp\34CC.tmp\34CD.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\40A3.tmp\40A4.tmp\40A5.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\40C2.tmp\40C3.tmp\40C4.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\40D2.tmp\40D3.tmp\40D4.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\55FF.tmp\5600.tmp\5611.bat C:\Windows\System32\Twain_20.dll"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\7AED.tmp\7AEE.tmp\7AEF.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\7C64.tmp\7C65.tmp\7C66.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\80C9.tmp\80CA.tmp\80CB.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\951C.tmp\951D.tmp\951E.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\954B.tmp\954C.tmp\954D.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\956A.tmp\956B.tmp\956C.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\F2DC.tmp\F2DD.tmp\F2DE.bat C:\Windows\System32\Twain_20.dll"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\notepad.exe
notepad
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\FE84.tmp\1F0.tmp\210.bat C:\Windows\System32\Twain_20.dll"
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\BF2.tmp\BF3.tmp\BF4.bat C:\Windows\System32\Twain_20.dll"
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2A66.tmp\2A67.tmp\2A68.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\calc.exe
calc
C:\Windows\System32\Twain_20.dll
C:\Windows\System32\Twain_20.dll
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2DE1.tmp\2DE2.tmp\2DE3.bat C:\Windows\System32\Twain_20.dll"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\337F.tmp\3380.tmp\3381.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\491A.tmp\491B.tmp\491C.bat "C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe""
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Twain_20 /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\system32\ipconfig.exe
ipconfig /release
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Twain_20.cmd
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Informacion.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K Taskdl.bat
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\reg.exe
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs"
C:\Windows\system32\reg.exe
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\System32\WScript.exe
sihost.exe
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32" /reset /t /c /q
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32" /r
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\sihost.exe
sihost.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs"
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\msg.exe
msg * Virus Detectado
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\taskkill.exe
taskkill /im DiskPart /f
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Windows\system32\msg.exe
msg * Has Sido Hackeado!
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\calc.exe
calc
C:\Windows\system32\attrib.exe
attrib -r -a -s -h *.*
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\mspaint.exe
mspaint.exe
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe
"C:\Users\Admin\AppData\Local\Temp\ADZP 20 Complex.exe"
C:\Windows\system32\notepad.exe
notepad
C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\3b96511061ef4fb5bc4e98e977a6e925 /t 3904 /p 3876
C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\808dc9b3f60240028c8e81d6669099a6 /t 1776 /p 4536
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe 00000124 00000084
Network
Files
C:\Users\Admin\AppData\Local\Temp\34CB.tmp\34CC.tmp\34CD.bat
C:\Users\Admin\AppData\Local\Temp\Twain_20.dll
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Twain_20.cmd
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Autorun.inf
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\Taskse.exe
C:\Users\Admin\AppData\Local\Temp\Taskdl.bat
C:\Users\Admin\AppData\Local\Temp\ErrorCritico.vbs
C:\Users\Admin\AppData\Local\Temp\Advertencia.vbs
C:\Users\Admin\AppData\Local\Temp\windowswimn32.bat
C:\Windows\Debug\WIA\wiatrace.log
C:\Users\Admin\AppData\Local\Temp\Informacion.vbs
memory/15992-1183-0x0000000000050000-0x00000000000A2000-memory.dmp
memory/10844-1191-0x00007FF903C30000-0x00007FF903E25000-memory.dmp
memory/10668-1251-0x00007FF903C30000-0x00007FF903E25000-memory.dmp