By default, hashcat doesn't start from 'aaaaa' - instead, it starts with sets of characters that appear most frequently in common passwords, called Markov mode. For example, if you try '?d?d?d?d?d', it will start with '12345', not '00000'.
It *does* behave how you're describing if you disable Markov mode, but I'm not aware of a way to invert the non-Markov bruteforce attack sequence.
It *does* behave how you're describing if you disable Markov mode, but I'm not aware of a way to invert the non-Markov bruteforce attack sequence.
~