45f3b07fe66f65cac16b6765e83dbb1fa8a8370ccd18289a475a12d1997a023b

Analysis

max time kernel
186s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
20-05-2022 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dota2mode.exe
Size

3.4MB
MD5

888d36190614310fbfc16548f3568e84
SHA1

238d4bc0cdc004c1c2be109058375e85f6342fc8
SHA256

d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92
SHA512

23852fddcbdc526bfeebd7fad33715553e155c3d16a9ae67b314da0f4678ae5fe761c6fa9894be3fe43b84666db29e08f7d77cdce5b27944e33cab3f53ab39f9

Score

8^/10

miner upx

Malware Config

Signatures

Executes dropped EXE 5 IoCs

Processes:

Rar.exemonvuibk.exeRar.exeplus.exeoiqwiz.exe

pid process

2128 Rar.exe
4248 monvuibk.exe
2744 Rar.exe
824 plus.exe
4580 oiqwiz.exe

pid	process
2128	Rar.exe
4248	monvuibk.exe
2744	Rar.exe
824	plus.exe
4580	oiqwiz.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\xnojklgq\oiqwiz.exe	upx
C:\xnojklgq\oiqwiz.exe	upx

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WScript.exeDota2mode.exeWScript.exemonvuibk.exeplus.exeWScript.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Control Panel\International\Geo\Nation	Dota2mode.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Control Panel\International\Geo\Nation	monvuibk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Control Panel\International\Geo\Nation	plus.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Control Panel\International\Geo\Nation	WScript.exe

Cryptocurrency Miner
Makes network request to known mining pool URL.
miner
Drops startup file 1 IoCs

Processes:

plus.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xnojklgq.lnk plus.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xnojklgq.lnk	plus.exe

Delays execution with timeout.exe 64 IoCs

evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid	process
1200	timeout.exe
2400	timeout.exe
3180	timeout.exe
2156	timeout.exe
3448	timeout.exe
3316	timeout.exe
3060	timeout.exe
2124	timeout.exe
3172	timeout.exe
5036	timeout.exe
4224	timeout.exe
700	timeout.exe
1368	timeout.exe
1480	timeout.exe
2404	timeout.exe
1956	timeout.exe
4192	timeout.exe
3108	timeout.exe
4524	timeout.exe
4396	timeout.exe
3228	timeout.exe
764	timeout.exe
3800	timeout.exe
3544	timeout.exe
544	timeout.exe
4296	timeout.exe
4660	timeout.exe
1020	timeout.exe
220	timeout.exe
1608	timeout.exe
3780	timeout.exe
4744	timeout.exe
3552	timeout.exe
980	timeout.exe
3668	timeout.exe
3128	timeout.exe
3916	timeout.exe
364	timeout.exe
2192	timeout.exe
3016	timeout.exe
2012	timeout.exe
4080	timeout.exe
4624	timeout.exe
1564	timeout.exe
4956	timeout.exe
4996	timeout.exe
4664	timeout.exe
1312	timeout.exe
3228	timeout.exe
4292	timeout.exe
4044	timeout.exe
5036	timeout.exe
3680	timeout.exe
4264	timeout.exe
1364	timeout.exe
3604	timeout.exe
2944	timeout.exe
2576	timeout.exe
3928	timeout.exe
4940	timeout.exe
4664	timeout.exe
1040	timeout.exe
3912	timeout.exe
1260	timeout.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

Process Discovery

T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

pid	process
3648	tasklist.exe
1992	tasklist.exe
960	tasklist.exe
4412	tasklist.exe
4780	tasklist.exe
1448	tasklist.exe
544	tasklist.exe
4836	tasklist.exe
4072	tasklist.exe
4276	tasklist.exe
4956	tasklist.exe
4876	tasklist.exe
3180	tasklist.exe
3384	tasklist.exe
396	tasklist.exe
5032	tasklist.exe
644	tasklist.exe
2872	tasklist.exe
4864	tasklist.exe
4340	tasklist.exe
3164	tasklist.exe
2104	tasklist.exe
2068	tasklist.exe
2288	tasklist.exe
4492	tasklist.exe
244	tasklist.exe
3184	tasklist.exe
2696	tasklist.exe
5048	tasklist.exe
4872	tasklist.exe
5012	tasklist.exe
4416	tasklist.exe
1816	tasklist.exe
2576	tasklist.exe
2264	tasklist.exe
4396	tasklist.exe
4452	tasklist.exe
4080	tasklist.exe
764	tasklist.exe
4720	tasklist.exe
1868	tasklist.exe
4852	tasklist.exe
4296	tasklist.exe
1292	tasklist.exe
764	tasklist.exe
4252	tasklist.exe
1472	tasklist.exe
2968	tasklist.exe
2988	tasklist.exe
2860	tasklist.exe
4980	tasklist.exe
2220	tasklist.exe
4292	tasklist.exe
3988	tasklist.exe
1700	tasklist.exe
4676	tasklist.exe
2128	tasklist.exe
824	tasklist.exe
1296	tasklist.exe
3672	tasklist.exe
1036	tasklist.exe
2908	tasklist.exe
2420	tasklist.exe
4316	tasklist.exe

Kills process with taskkill 3 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exe

pid process

4988 taskkill.exe
4964 taskkill.exe
4872 taskkill.exe

pid	process
4988	taskkill.exe
4964	taskkill.exe
4872	taskkill.exe

Modifies registry class 2 IoCs

Processes:

Dota2mode.exeplus.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000_Classes\Local Settings	Dota2mode.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000_Classes\Local Settings	plus.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

monvuibk.exe

pid	process
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe
4248	monvuibk.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

description	pid	process
Token: SeDebugPrivilege	4988	taskkill.exe
Token: SeDebugPrivilege	4964	taskkill.exe
Token: SeDebugPrivilege	4872	taskkill.exe
Token: SeDebugPrivilege	1472	tasklist.exe
Token: SeDebugPrivilege	436	tasklist.exe
Token: SeDebugPrivilege	3184	tasklist.exe
Token: SeDebugPrivilege	1788	tasklist.exe
Token: SeDebugPrivilege	1448	tasklist.exe
Token: SeDebugPrivilege	4616	tasklist.exe
Token: SeDebugPrivilege	4536	tasklist.exe
Token: SeDebugPrivilege	3556	tasklist.exe
Token: SeDebugPrivilege	4396	tasklist.exe
Token: SeDebugPrivilege	2556	tasklist.exe
Token: SeDebugPrivilege	4720	tasklist.exe
Token: SeDebugPrivilege	3448	tasklist.exe
Token: SeDebugPrivilege	4956	tasklist.exe
Token: SeDebugPrivilege	4964	tasklist.exe
Token: SeDebugPrivilege	3680	tasklist.exe
Token: SeDebugPrivilege	4796	tasklist.exe
Token: SeDebugPrivilege	544	tasklist.exe
Token: SeDebugPrivilege	2464	tasklist.exe
Token: SeDebugPrivilege	4864	tasklist.exe
Token: SeDebugPrivilege	3148	tasklist.exe
Token: SeDebugPrivilege	3988	tasklist.exe
Token: SeDebugPrivilege	4544	tasklist.exe
Token: SeDebugPrivilege	4172	tasklist.exe
Token: SeDebugPrivilege	1648	tasklist.exe
Token: SeDebugPrivilege	4340	tasklist.exe
Token: SeDebugPrivilege	3164	tasklist.exe
Token: SeDebugPrivilege	1296	tasklist.exe
Token: SeDebugPrivilege	1988	tasklist.exe
Token: SeDebugPrivilege	556	tasklist.exe
Token: SeDebugPrivilege	3944	tasklist.exe
Token: SeDebugPrivilege	4876	tasklist.exe
Token: SeDebugPrivilege	3180	tasklist.exe
Token: SeDebugPrivilege	2104	tasklist.exe
Token: SeDebugPrivilege	2068	tasklist.exe
Token: SeDebugPrivilege	4080	tasklist.exe
Token: SeDebugPrivilege	3928	tasklist.exe
Token: SeDebugPrivilege	1892	tasklist.exe
Token: SeDebugPrivilege	2288	tasklist.exe
Token: SeDebugPrivilege	4284	tasklist.exe
Token: SeDebugPrivilege	2912	tasklist.exe
Token: SeDebugPrivilege	3648	tasklist.exe
Token: SeDebugPrivilege	4152	tasklist.exe
Token: SeDebugPrivilege	4676	tasklist.exe
Token: SeDebugPrivilege	1044	tasklist.exe
Token: SeDebugPrivilege	1700	tasklist.exe
Token: SeDebugPrivilege	1764	tasklist.exe
Token: SeDebugPrivilege	788	tasklist.exe
Token: SeDebugPrivilege	4612	tasklist.exe
Token: SeDebugPrivilege	1752	tasklist.exe
Token: SeDebugPrivilege	3672	tasklist.exe
Token: SeDebugPrivilege	3464	tasklist.exe
Token: SeDebugPrivilege	3104	tasklist.exe
Token: SeDebugPrivilege	1792	tasklist.exe
Token: SeDebugPrivilege	700	tasklist.exe
Token: SeDebugPrivilege	3440	tasklist.exe
Token: SeDebugPrivilege	1364	tasklist.exe
Token: SeDebugPrivilege	3872	tasklist.exe
Token: SeDebugPrivilege	3980	tasklist.exe
Token: SeDebugPrivilege	2824	tasklist.exe
Token: SeDebugPrivilege	5012	tasklist.exe
Token: SeDebugPrivilege	1868	tasklist.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Dota2mode.exeWScript.execmd.exemonvuibk.execmd.exeplus.exeWScript.exeWScript.execmd.execmd.execmd.exe

description	pid	process	target process
PID 4072 wrote to memory of 4744	4072	Dota2mode.exe	WScript.exe
PID 4072 wrote to memory of 4744	4072	Dota2mode.exe	WScript.exe
PID 4072 wrote to memory of 4744	4072	Dota2mode.exe	WScript.exe
PID 4744 wrote to memory of 4808	4744	WScript.exe	cmd.exe
PID 4744 wrote to memory of 4808	4744	WScript.exe	cmd.exe
PID 4744 wrote to memory of 4808	4744	WScript.exe	cmd.exe
PID 4808 wrote to memory of 4988	4808	cmd.exe	taskkill.exe
PID 4808 wrote to memory of 4988	4808	cmd.exe	taskkill.exe
PID 4808 wrote to memory of 4988	4808	cmd.exe	taskkill.exe
PID 4808 wrote to memory of 4964	4808	cmd.exe	taskkill.exe
PID 4808 wrote to memory of 4964	4808	cmd.exe	taskkill.exe
PID 4808 wrote to memory of 4964	4808	cmd.exe	taskkill.exe
PID 4808 wrote to memory of 1368	4808	cmd.exe	timeout.exe
PID 4808 wrote to memory of 1368	4808	cmd.exe	timeout.exe
PID 4808 wrote to memory of 1368	4808	cmd.exe	timeout.exe
PID 4808 wrote to memory of 1540	4808	cmd.exe	chcp.com
PID 4808 wrote to memory of 1540	4808	cmd.exe	chcp.com
PID 4808 wrote to memory of 1540	4808	cmd.exe	chcp.com
PID 4808 wrote to memory of 2128	4808	cmd.exe	Rar.exe
PID 4808 wrote to memory of 2128	4808	cmd.exe	Rar.exe
PID 4808 wrote to memory of 2128	4808	cmd.exe	Rar.exe
PID 4808 wrote to memory of 4872	4808	cmd.exe	taskkill.exe
PID 4808 wrote to memory of 4872	4808	cmd.exe	taskkill.exe
PID 4808 wrote to memory of 4872	4808	cmd.exe	taskkill.exe
PID 4808 wrote to memory of 4248	4808	cmd.exe	monvuibk.exe
PID 4808 wrote to memory of 4248	4808	cmd.exe	monvuibk.exe
PID 4808 wrote to memory of 4248	4808	cmd.exe	monvuibk.exe
PID 4808 wrote to memory of 544	4808	cmd.exe	timeout.exe
PID 4808 wrote to memory of 544	4808	cmd.exe	timeout.exe
PID 4808 wrote to memory of 544	4808	cmd.exe	timeout.exe
PID 4248 wrote to memory of 244	4248	monvuibk.exe	cmd.exe
PID 4248 wrote to memory of 244	4248	monvuibk.exe	cmd.exe
PID 4248 wrote to memory of 244	4248	monvuibk.exe	cmd.exe
PID 244 wrote to memory of 3704	244	cmd.exe	chcp.com
PID 244 wrote to memory of 3704	244	cmd.exe	chcp.com
PID 244 wrote to memory of 3704	244	cmd.exe	chcp.com
PID 244 wrote to memory of 2744	244	cmd.exe	Rar.exe
PID 244 wrote to memory of 2744	244	cmd.exe	Rar.exe
PID 244 wrote to memory of 2744	244	cmd.exe	Rar.exe
PID 4248 wrote to memory of 824	4248	monvuibk.exe	plus.exe
PID 4248 wrote to memory of 824	4248	monvuibk.exe	plus.exe
PID 4248 wrote to memory of 824	4248	monvuibk.exe	plus.exe
PID 824 wrote to memory of 3104	824	plus.exe	WScript.exe
PID 824 wrote to memory of 3104	824	plus.exe	WScript.exe
PID 824 wrote to memory of 3104	824	plus.exe	WScript.exe
PID 824 wrote to memory of 432	824	plus.exe	WScript.exe
PID 824 wrote to memory of 432	824	plus.exe	WScript.exe
PID 824 wrote to memory of 432	824	plus.exe	WScript.exe
PID 432 wrote to memory of 2204	432	WScript.exe	cmd.exe
PID 432 wrote to memory of 2204	432	WScript.exe	cmd.exe
PID 432 wrote to memory of 2204	432	WScript.exe	cmd.exe
PID 3104 wrote to memory of 4924	3104	WScript.exe	cmd.exe
PID 3104 wrote to memory of 4924	3104	WScript.exe	cmd.exe
PID 3104 wrote to memory of 4924	3104	WScript.exe	cmd.exe
PID 4924 wrote to memory of 1200	4924	cmd.exe	timeout.exe
PID 4924 wrote to memory of 1200	4924	cmd.exe	timeout.exe
PID 4924 wrote to memory of 1200	4924	cmd.exe	timeout.exe
PID 2204 wrote to memory of 4580	2204	cmd.exe	oiqwiz.exe
PID 2204 wrote to memory of 4580	2204	cmd.exe	oiqwiz.exe
PID 4924 wrote to memory of 4212	4924	cmd.exe	cmd.exe
PID 4924 wrote to memory of 4212	4924	cmd.exe	cmd.exe
PID 4924 wrote to memory of 4212	4924	cmd.exe	cmd.exe
PID 4212 wrote to memory of 1472	4212	cmd.exe	tasklist.exe
PID 4212 wrote to memory of 1472	4212	cmd.exe	tasklist.exe

C:\Users\Admin\AppData\Local\Temp\Dota2mode.exe
"C:\Users\Admin\AppData\Local\Temp\Dota2mode.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4072

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\sunshiqn\run.vbs"
2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4744

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\sunshiqn\pause.bat" "
3⤵
- Suspicious use of WriteProcessMemory
PID:4808

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rar.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4988

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rar.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4964

C:\Windows\SysWOW64\timeout.exe
timeout 3
4⤵
- Delays execution with timeout.exe
PID:1368

C:\Windows\SysWOW64\chcp.com
chcp 1251
4⤵
PID:1540

C:\sunshiqn\Rar.exe
"Rar.exe" e -p555 privat.rar
4⤵
- Executes dropped EXE
PID:2128

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rar.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4872

C:\sunshiqn\monvuibk.exe
monvuibk.exe
4⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4248

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\xnojklgq\omen.bat" "
5⤵
- Suspicious use of WriteProcessMemory
PID:244

C:\Windows\SysWOW64\chcp.com
chcp 1251
6⤵
PID:3704

C:\xnojklgq\Rar.exe
"Rar.exe" c -zinfo.txt "plus.exe"
6⤵
- Executes dropped EXE
PID:2744

C:\xnojklgq\plus.exe
"C:\xnojklgq\plus.exe"
5⤵
- Executes dropped EXE
- Checks computer location settings
- Drops startup file
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:824

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\xnojklgq\Go.vbs"
6⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3104

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\xnojklgq\Go.bat" "
7⤵
- Suspicious use of WriteProcessMemory
PID:4924

C:\Windows\SysWOW64\timeout.exe
timeout /t 2 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1200

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
- Suspicious use of WriteProcessMemory
PID:4212

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1472

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4996

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3992

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:436

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4980

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3184

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1364

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4432

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1788

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:556

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1448

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2208

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3200

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4616

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4380

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4536

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2124

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3808

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3556

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2960

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4396

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1040

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4060

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:2556

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1796

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4720

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3912

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2088

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3448

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4784

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4956

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4524

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4940

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4964

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4740

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3680

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3136

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1044

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4796

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1700

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:544

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:228

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1564

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:2464

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:244

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4864

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2400

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3016

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3148

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3100

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3988

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3604

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3128

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4544

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3668

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4172

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4344

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1472

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1648

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2364

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4340

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4296

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1660

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3164

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1556

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1296

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:448

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1788

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1988

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2444

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:556

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3172

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:820

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3944

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5048

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4876

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:5036

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:5004

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3180

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3808

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2104

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4396

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4252

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2068

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1828

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4080

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3780

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3212

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3928

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3932

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1892

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2628

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4812

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2288

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2088

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4284

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4744

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4988

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:2912

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4524

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3648

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4900

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4072

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4152

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4076

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4676

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4800

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4064

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1044

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1516

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1700

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1480

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:5000

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1764

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4268

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:788

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1312

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2696

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4612

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2400

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1752

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3016

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3008

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3672

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1392

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3464

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3128

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4596

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3104

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4348

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1792

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4664

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4012

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:700

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:668

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3440

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1260

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1304

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1364

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2056

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3872

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1988

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1908

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3980

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:776

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:2824

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3944

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1376

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5012

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1572

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1868

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3180

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1032

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4416

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3084

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4836

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4468

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4252

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:2968

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1828

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3780

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3916

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3212

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2436

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1892

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:1816

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4084

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3232

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4812

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4732

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2088

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1528

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4744

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4852

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4988

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:960

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4524

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4964

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3044

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4700

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4072

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3228

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4740

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:2128

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3772

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4224

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4660

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2464

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2764

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:224

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:1036

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1312

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4292

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4644

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3244

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:824

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3016

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:444

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3672

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4544

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:2908

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3128

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4172

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3104

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1648

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1792

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2364

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:828

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:700

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4980

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4296

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1296

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2132

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1304

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3452

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2056

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2012

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2748

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1908

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3200

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:776

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1096

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:5012

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3556

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1868

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:5004

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3808

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4416

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2220

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5020

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2068

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4080

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2568

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2340

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4720

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1796

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2740

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1924

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:3384

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3932

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4560

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4624

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4552

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:1992

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3272

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2088

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1920

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1856

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4852

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4904

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:960

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2944

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3680

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:2420

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4244

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4152

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3228

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2488

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:396

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4944

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:2988

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:364

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4280

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2160

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3840

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:544

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1564

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3776

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4492

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4268

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:244

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:640

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3572

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4840

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1312

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3160

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4292

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1752

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2884

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3988

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4136

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3552

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:444

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3604

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4716

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4316

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1812

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3708

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4172

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1080

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1648

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2404

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3984

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:700

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:668

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3184

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2156

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1952

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:2576

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3540

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:448

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:764

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:464

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2192

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4536

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:776

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4044

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1096

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:2264

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2104

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3336

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4272

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3816

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4396

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2728

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:2860

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3800

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3904

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3328

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2008

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3916

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1796

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4896

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4064

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3688

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2436

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3448

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1816

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4820

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3232

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1992

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1528

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1948

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2912

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3648

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3676

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:980

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3632

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4412

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4156

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2752

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1956

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4032

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4276

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5016

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4712

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2240

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4184

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4756

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2128

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4872

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4224

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1624

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1700

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4696

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1800

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1036

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:224

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2004

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2052

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:1292

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4192

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4612

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1312

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2276

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:824

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1020

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4604

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3008

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3492

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4780

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4792

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3552

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4736

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4844

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1392

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3668

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1284

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4544

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4596

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4348

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4172

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4628

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1268

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3164

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:492

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:700

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1556

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4980

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4432

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:5032

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2576

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:652

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:644

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2108

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:764

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4876

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2192

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3064

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:776

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4984

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:5036

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1096

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1724

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3808

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:2220

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3544

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1040

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4060

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2516

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4252

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3928

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2036

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3916

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3388

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:64

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3504

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4728

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2436

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4312

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4452

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4956

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4784

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4812

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1452

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4744

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4940

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4988

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3676

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3136

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4900

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3680

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4700

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:656

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3228

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4908

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:396

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4712

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4948

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2352

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4756

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:220

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4872

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3772

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1564

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1700

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1764

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1800

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3884

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1236

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4424

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4264

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3612

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2052

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4888

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:2696

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3108

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3148

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4292

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3512

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3496

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3316

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1824

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:3988

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1008

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1628

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1608

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4016

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1092

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1588

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4952

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4664

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1472

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4596

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1792

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:2872

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:828

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2404

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3164

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1084

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1296

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1448

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1788

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2148

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:448

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3052

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3060

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3944

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:764

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4876

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2208

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2192

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:5012

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:5048

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5036

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:896

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:5004

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4036

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4272

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\xnojklgq\Auto.vbs"
6⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:432

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\xnojklgq\Auto.bat" "
7⤵
- Suspicious use of WriteProcessMemory
PID:2204

C:\xnojklgq\oiqwiz.exe
"oiqwiz.exe"
8⤵
- Executes dropped EXE
PID:4580

C:\Windows\SysWOW64\timeout.exe
timeout 2
4⤵
- Delays execution with timeout.exe
PID:544

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\sunshiqn\Rar.exe
Filesize
370KB

MD5
2e86a9862257a0cf723ceef3868a1a12

SHA1
a4324281823f0800132bf13f5ad3860e6b5532c6

SHA256
2356220cfa9159b463d762e2833f647a04fa58b4c627fcb4fb1773d199656ab8

SHA512
3a8e0389637fc8a3f8bab130326fe091ead8c0575a1a3861622466d4e3c37818c928bc74af4d14b5bb3080dfae46e41fee2c362a7093b5aa3b9df39110c8e9de

Download Submit
C:\sunshiqn\Rar.exe
Filesize
370KB

MD5
2e86a9862257a0cf723ceef3868a1a12

SHA1
a4324281823f0800132bf13f5ad3860e6b5532c6

SHA256
2356220cfa9159b463d762e2833f647a04fa58b4c627fcb4fb1773d199656ab8

SHA512
3a8e0389637fc8a3f8bab130326fe091ead8c0575a1a3861622466d4e3c37818c928bc74af4d14b5bb3080dfae46e41fee2c362a7093b5aa3b9df39110c8e9de

Download Submit
C:\sunshiqn\monvuibk.exe
Filesize
6.5MB

MD5
5a5db532785179ed05b8a80187d7ee21

SHA1
e42a3a40e836b691c2aa9dbe9600da17c8c75763

SHA256
43d61d6b22303523a18c79162c58c15f108635a6b9bbff1a3331b74624467593

SHA512
4e45569289f3dbe5abd7c2f4303e2af0facdf239ec1effd2d15fac01f129bcd44ece0b389892ad70a42d0dd511e156adb5ce98176158c0ea42b4b0fefa51138b

Download Submit
C:\sunshiqn\monvuibk.exe
Filesize
6.5MB

MD5
5a5db532785179ed05b8a80187d7ee21

SHA1
e42a3a40e836b691c2aa9dbe9600da17c8c75763

SHA256
43d61d6b22303523a18c79162c58c15f108635a6b9bbff1a3331b74624467593

SHA512
4e45569289f3dbe5abd7c2f4303e2af0facdf239ec1effd2d15fac01f129bcd44ece0b389892ad70a42d0dd511e156adb5ce98176158c0ea42b4b0fefa51138b

Download Submit
C:\sunshiqn\pause.bat
Filesize
325B

MD5
fb085f47185862061fa2adb5acc58171

SHA1
5f91cf2e8bc109e20dbe97ab91d0b047a727e93b

SHA256
fec96179e59437ede713340e5686b681c107a0363e79c5c24045887f5e7d3e1b

SHA512
a2ac14d7e67fa5d13312141b76fbc11cd373dfb1499b7d575c80e4409334a4bb28523d31044003fd907e5e52ac5e5cc45377551b1d3b704b94b2de7de892e76e

Download Submit
C:\sunshiqn\privat.rar
Filesize
3.0MB

MD5
bcd1d52c65ff0c640681ef7f4b4dd701

SHA1
b3a364dda02cd50ebb7990b2bfee1779a001bd95

SHA256
c54c442cfc5b905a337c740e1008ada67158e22c1b780d39e0e7c5e90ab82750

SHA512
bd9f2033a337acfed85e500588814530f81ef299a241998ae20d4518b01d9094e7ec65f7da2bfbc6328b9a89fd90cdc9233e575274efd4db04269baf035526b8

Download Submit
C:\sunshiqn\run.vbs
Filesize
84B

MD5
6a5f5a48072a1adae96d2bd88848dcff

SHA1
b381fa864db6c521cbf1133a68acf1db4baa7005

SHA256
c7758bb2fdf207306a5b83c9916bfffcc5e85efe14c8f00d18e2b6639b9780fe

SHA512
d11101b11a95d39a2b23411955e869f92451e1613b150c15d953cccf0f741fb6c3cf082124af8b67d4eb40feb112e1167a1e25bdeab9e433af3ccc5384ccb90c

Download Submit
C:\xnojklgq\Auto.bat
Filesize
219B

MD5
88659c9200f43efa7eedad229588356b

SHA1
36b4c368c1f5c75ca990b4d14f8a5eec903485b1

SHA256
4c77b094a906d8a0299b275581628e66c9d4e6ca96dcede7e67a3eb1c2aec2cc

SHA512
a4fe7494848608cdfe65b221edf479ff725c420772899b27db3beef540e64bf36dbc1beca31651b34664445238052d5e41360c47efe17058daa7c848103944ee

Download Submit
C:\xnojklgq\Auto.vbs
Filesize
118B

MD5
8cab8206831c992d7c6dd5f9cfea94d9

SHA1
e36b6dd77691dbf8b1bcb4ce986e3432ff9d06af

SHA256
519603f0aa335880a3a93ba0c193a81b0bff798d931e07e4b6a4109f5a174a52

SHA512
82561a074d840666c6a2549b32d2e6f9d172d6dd7c4a5ee1009f4863fd9522cbbd8296fcdd9534a8243e22f89c6555c10c160576c5f1af516b675bc6d90de105

Download Submit
C:\xnojklgq\Go.bat
Filesize
716B

MD5
6b5ec49cb5d3ae843891067a3484d99e

SHA1
7a903ae5924a1c2dd5406afdf8fa694243d2a26b

SHA256
7874c9ef2c75258c90f01bbc3d5a3f9ed65f1f09c8b00a39b7cfb07f7b45740f

SHA512
9279071dfb1a599827919cff376ae1ef0f518415180ecf1631563caf7c0548f827373e4fee44e24eb705b55107f1bf945aa3cdfd618fdb54ed9c7f381fef4101

Download Submit
C:\xnojklgq\Go.vbs
Filesize
227B

MD5
a3f3d477adf9ca6fffc7eb6ecd9eb17d

SHA1
611442499a4d0ae3fbce1ae1cde20cb92360bb75

SHA256
4e7ea70519889275be433f5bf53a4c81e0ea3db8f0bd2429b68b4f9b262d307c

SHA512
0b4864684acac03fe25b4c80677c4da9e0890cf1b3164e98ee9f807a54017e0f1bceec4010de11b5be5ebedc32f9fe3dc53d5c9529a1ce26485669f00611746d

Download Submit
C:\xnojklgq\Rar.exe
Filesize
370KB

MD5
2e86a9862257a0cf723ceef3868a1a12

SHA1
a4324281823f0800132bf13f5ad3860e6b5532c6

SHA256
2356220cfa9159b463d762e2833f647a04fa58b4c627fcb4fb1773d199656ab8

SHA512
3a8e0389637fc8a3f8bab130326fe091ead8c0575a1a3861622466d4e3c37818c928bc74af4d14b5bb3080dfae46e41fee2c362a7093b5aa3b9df39110c8e9de

Download Submit
C:\xnojklgq\Rar.exe
Filesize
370KB

MD5
2e86a9862257a0cf723ceef3868a1a12

SHA1
a4324281823f0800132bf13f5ad3860e6b5532c6

SHA256
2356220cfa9159b463d762e2833f647a04fa58b4c627fcb4fb1773d199656ab8

SHA512
3a8e0389637fc8a3f8bab130326fe091ead8c0575a1a3861622466d4e3c37818c928bc74af4d14b5bb3080dfae46e41fee2c362a7093b5aa3b9df39110c8e9de

Download Submit
C:\xnojklgq\giperdragsBFS.json
Filesize
395B

MD5
6e840dd9b1daabed84d1d32f7b8c1b8b

SHA1
ecd00359d98a48fd50856845574579cd93189f6a

SHA256
5a51a2a5f900ef34f3976ac9ccbd9686dc9affe92d9c529b0c8c9361fbc0e3fb

SHA512
11d7d9477fec95d41d721c41bb909869f2bf0bcd1de4755b0a32aeabb73b3235e874e33ee633f7d43982d452849847cee885a2dadebe538f72ab5ea4d2a94ff0

Download Submit
C:\xnojklgq\info.txt
Filesize
142B

MD5
88cebd7e2150d2c3b0c6bff92766cebe

SHA1
a2f955ec6dca14621fa7242b3c7cec77fa349f21

SHA256
5ff39948360d11a40eb8fdcfdd0e31da86bb4018fad97745f570f9bebd159d38

SHA512
e0d2690e5ccaaad279ebb73c2ffc7ee3ca6fe0cbf3af3974df1124eb71fd00906a71819675a258a65411130cf0778ae7f5554d0b1b9be2a4dfd4c486a74597be

Download Submit
C:\xnojklgq\oiqwiz.exe
Filesize
1.4MB

MD5
ddc91455c12983afeda765ebc1405fc7

SHA1
818d160bfb4ae6b870083e80c12ada9bc5c6d9df

SHA256
7e87dcc6ca8263694bdd0313fe3b52d9088c5545dccace2af02e1bdf44e66554

SHA512
51cdc75b64a0ea18db0729f2b9505b1288c4defca7a5e9492922282b475b95b0307cce1daf3677f230140a2c9de594ee28e714eeab7dd69c3ed6fe466b00fe58

Download Submit
C:\xnojklgq\oiqwiz.exe
Filesize
1.4MB

MD5
ddc91455c12983afeda765ebc1405fc7

SHA1
818d160bfb4ae6b870083e80c12ada9bc5c6d9df

SHA256
7e87dcc6ca8263694bdd0313fe3b52d9088c5545dccace2af02e1bdf44e66554

SHA512
51cdc75b64a0ea18db0729f2b9505b1288c4defca7a5e9492922282b475b95b0307cce1daf3677f230140a2c9de594ee28e714eeab7dd69c3ed6fe466b00fe58

Download Submit
C:\xnojklgq\omen.bat
Filesize
78B

MD5
a15b61671e902fe28fb1bf7e459a7bdd

SHA1
694d542af6834fa4cbc81cc3b3a8a99d61378f5e

SHA256
d763ef51ee4520819f8021ebb138578ba3261aa8db5fcec7c69382cca95ff75f

SHA512
653ec95af8f6f73538b0cb8d0fe903267e56b1f1a7d810bff1f4dd5adf675ae2f5a55260b0bc41295b60052fe056b1acfa00c2a07121dd387eb7719997fa15f6

Download Submit
C:\xnojklgq\plus.exe
Filesize
253KB

MD5
81107f80c971b15dd3718f6b4070c0c1

SHA1
d93e601e3d3e96422881d81a26b4bb108635f6fd

SHA256
ab5fb605318dcc99217aa0c1fb7b646ec16a242db5c8cfa50316794d3c979921

SHA512
c9185e949a7a5a24c9047c7fbfb5702c5f74e8ab5e57dcf2ac893b92d8b1be6e8b8247c83cd746a9eb932b316b691d4f971c19464d9faf6fe2c309b2c10810be

Download Submit
C:\xnojklgq\plus.exe
Filesize
253KB

MD5
81107f80c971b15dd3718f6b4070c0c1

SHA1
d93e601e3d3e96422881d81a26b4bb108635f6fd

SHA256
ab5fb605318dcc99217aa0c1fb7b646ec16a242db5c8cfa50316794d3c979921

SHA512
c9185e949a7a5a24c9047c7fbfb5702c5f74e8ab5e57dcf2ac893b92d8b1be6e8b8247c83cd746a9eb932b316b691d4f971c19464d9faf6fe2c309b2c10810be

Download Submit
C:\xnojklgq\plus.exe
Filesize
253KB

MD5
ca106b2dd914c5f5b7c0b30e503e35d9

SHA1
0c072402d244612f45f9901a3a22726226a64e29

SHA256
b300747328bd15f160c5bc063e80a961ebf56f3efe2c14da0c51dcbb38b0a55b

SHA512
ee4afcfe7763c66d8a9f2eafa0bd889b0aa86ebaad18d817f23dc6240a214425837dc593dbed971a07a51455ca6911a5f777912687a56e0d8446db0a31664c0a

Download Submit
memory/228-213-0x0000000000000000-mapping.dmp

Download
memory/244-147-0x0000000000000000-mapping.dmp

Download
memory/432-161-0x0000000000000000-mapping.dmp

Download
memory/436-175-0x0000000000000000-mapping.dmp

Download
memory/544-145-0x0000000000000000-mapping.dmp

Download
memory/544-212-0x0000000000000000-mapping.dmp

Download
memory/556-181-0x0000000000000000-mapping.dmp

Download
memory/824-156-0x0000000000000000-mapping.dmp

Download
memory/1040-193-0x0000000000000000-mapping.dmp

Download
memory/1044-209-0x0000000000000000-mapping.dmp

Download
memory/1200-166-0x0000000000000000-mapping.dmp

Download
memory/1364-178-0x0000000000000000-mapping.dmp

Download
memory/1368-136-0x0000000000000000-mapping.dmp

Download
memory/1448-182-0x0000000000000000-mapping.dmp

Download
memory/1472-172-0x0000000000000000-mapping.dmp

Download
memory/1540-137-0x0000000000000000-mapping.dmp

Download
memory/1564-214-0x0000000000000000-mapping.dmp

Download
memory/1700-211-0x0000000000000000-mapping.dmp

Download
memory/1788-180-0x0000000000000000-mapping.dmp

Download
memory/1796-196-0x0000000000000000-mapping.dmp

Download
memory/2088-199-0x0000000000000000-mapping.dmp

Download
memory/2124-188-0x0000000000000000-mapping.dmp

Download
memory/2128-138-0x0000000000000000-mapping.dmp

Download
memory/2204-164-0x0000000000000000-mapping.dmp

Download
memory/2208-183-0x0000000000000000-mapping.dmp

Download
memory/2556-195-0x0000000000000000-mapping.dmp

Download
memory/2744-150-0x0000000000000000-mapping.dmp

Download
memory/2960-191-0x0000000000000000-mapping.dmp

Download
memory/3104-159-0x0000000000000000-mapping.dmp

Download
memory/3136-208-0x0000000000000000-mapping.dmp

Download
memory/3184-177-0x0000000000000000-mapping.dmp

Download
memory/3200-184-0x0000000000000000-mapping.dmp

Download
memory/3448-200-0x0000000000000000-mapping.dmp

Download
memory/3556-190-0x0000000000000000-mapping.dmp

Download
memory/3680-207-0x0000000000000000-mapping.dmp

Download
memory/3704-149-0x0000000000000000-mapping.dmp

Download
memory/3808-189-0x0000000000000000-mapping.dmp

Download
memory/3912-198-0x0000000000000000-mapping.dmp

Download
memory/3992-174-0x0000000000000000-mapping.dmp

Download
memory/4060-194-0x0000000000000000-mapping.dmp

Download
memory/4212-171-0x0000000000000000-mapping.dmp

Download
memory/4248-143-0x0000000000000000-mapping.dmp

Download
memory/4380-186-0x0000000000000000-mapping.dmp

Download
memory/4396-192-0x0000000000000000-mapping.dmp

Download
memory/4432-179-0x0000000000000000-mapping.dmp

Download
memory/4524-203-0x0000000000000000-mapping.dmp

Download
memory/4536-187-0x0000000000000000-mapping.dmp

Download
memory/4580-167-0x0000000000000000-mapping.dmp

Download
memory/4616-185-0x0000000000000000-mapping.dmp

Download
memory/4720-197-0x0000000000000000-mapping.dmp

Download
memory/4740-206-0x0000000000000000-mapping.dmp

Download
memory/4744-130-0x0000000000000000-mapping.dmp

Download
memory/4784-201-0x0000000000000000-mapping.dmp

Download
memory/4796-210-0x0000000000000000-mapping.dmp

Download
memory/4808-133-0x0000000000000000-mapping.dmp

Download
memory/4872-142-0x0000000000000000-mapping.dmp

Download
memory/4924-165-0x0000000000000000-mapping.dmp

Download
memory/4940-204-0x0000000000000000-mapping.dmp

Download
memory/4956-202-0x0000000000000000-mapping.dmp

Download
memory/4964-205-0x0000000000000000-mapping.dmp

Download
memory/4964-135-0x0000000000000000-mapping.dmp

Download
memory/4980-176-0x0000000000000000-mapping.dmp

Download
memory/4988-134-0x0000000000000000-mapping.dmp

Download
memory/4996-173-0x0000000000000000-mapping.dmp

Download