d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
20-05-2022 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92.exe
Size

3.4MB
MD5

888d36190614310fbfc16548f3568e84
SHA1

238d4bc0cdc004c1c2be109058375e85f6342fc8
SHA256

d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92
SHA512

23852fddcbdc526bfeebd7fad33715553e155c3d16a9ae67b314da0f4678ae5fe761c6fa9894be3fe43b84666db29e08f7d77cdce5b27944e33cab3f53ab39f9

Score

8^/10

miner upx

Malware Config

Signatures

Executes dropped EXE 5 IoCs

Processes:

Rar.exemonvuibk.exeRar.exeplus.exeoiqwiz.exe

pid process

3432 Rar.exe
1216 monvuibk.exe
1972 Rar.exe
4348 plus.exe
992 oiqwiz.exe

pid	process
3432	Rar.exe
1216	monvuibk.exe
1972	Rar.exe
4348	plus.exe
992	oiqwiz.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\xnojklgq\oiqwiz.exe	upx
C:\xnojklgq\oiqwiz.exe	upx

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92.exeWScript.exemonvuibk.exeplus.exeWScript.exeWScript.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	monvuibk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	plus.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	WScript.exe

Cryptocurrency Miner
Makes network request to known mining pool URL.
miner
Drops startup file 1 IoCs

Processes:

plus.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xnojklgq.lnk plus.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xnojklgq.lnk	plus.exe

Delays execution with timeout.exe 64 IoCs

evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid	process
3892	timeout.exe
4908	timeout.exe
3124	timeout.exe
448	timeout.exe
1896	timeout.exe
2876	timeout.exe
3672	timeout.exe
4780	timeout.exe
4760	timeout.exe
1836	timeout.exe
3432	timeout.exe
4128	timeout.exe
3816	timeout.exe
2364	timeout.exe
4916	timeout.exe
2012	timeout.exe
4772	timeout.exe
5044	timeout.exe
3696	timeout.exe
2056	timeout.exe
4844	timeout.exe
3012	timeout.exe
2200	timeout.exe
4876	timeout.exe
2228	timeout.exe
672	timeout.exe
3988	timeout.exe
1352	timeout.exe
4752	timeout.exe
3892	timeout.exe
4652	timeout.exe
4468	timeout.exe
3168	timeout.exe
376	timeout.exe
3696	timeout.exe
2032	timeout.exe
3664	timeout.exe
4592	timeout.exe
4384	timeout.exe
4060	timeout.exe
4312	timeout.exe
4304	timeout.exe
3892	timeout.exe
4376	timeout.exe
3624	timeout.exe
4392	timeout.exe
896	timeout.exe
4896	timeout.exe
2624	timeout.exe
220	timeout.exe
4400	timeout.exe
2424	timeout.exe
3816	timeout.exe
4780	timeout.exe
4476	timeout.exe
2452	timeout.exe
4708	timeout.exe
816	timeout.exe
5032	timeout.exe
3676	timeout.exe
4056	timeout.exe
1680	timeout.exe
5056	timeout.exe
4908	timeout.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

Process Discovery

T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

pid	process
4880	tasklist.exe
4024	tasklist.exe
2292	tasklist.exe
3104	tasklist.exe
2388	tasklist.exe
1136	tasklist.exe
3404	tasklist.exe
1416	tasklist.exe
4920	tasklist.exe
4556	tasklist.exe
1284	tasklist.exe
3996	tasklist.exe
4556	tasklist.exe
2452	tasklist.exe
4720	tasklist.exe
4920	tasklist.exe
5028	tasklist.exe
5020	tasklist.exe
3448	tasklist.exe
3988	tasklist.exe
2016	tasklist.exe
3316	tasklist.exe
4844	tasklist.exe
4324	tasklist.exe
3760	tasklist.exe
740	tasklist.exe
444	tasklist.exe
1692	tasklist.exe
4536	tasklist.exe
2536	tasklist.exe
2560	tasklist.exe
1288	tasklist.exe
1788	tasklist.exe
1508	tasklist.exe
3768	tasklist.exe
4356	tasklist.exe
3600	tasklist.exe
2432	tasklist.exe
4952	tasklist.exe
820	tasklist.exe
3288	tasklist.exe
1800	tasklist.exe
4568	tasklist.exe
2132	tasklist.exe
1440	tasklist.exe
116	tasklist.exe
4040	tasklist.exe
1712	tasklist.exe
2128	tasklist.exe
2620	tasklist.exe
3524	tasklist.exe
3728	tasklist.exe
3616	tasklist.exe
2816	tasklist.exe
2604	tasklist.exe
2544	tasklist.exe
5056	tasklist.exe
1848	tasklist.exe
4316	tasklist.exe
3796	tasklist.exe
3692	tasklist.exe
4860	tasklist.exe
3748	tasklist.exe
4024	tasklist.exe

Kills process with taskkill 3 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exe

pid process

5028 taskkill.exe
396 taskkill.exe
1244 taskkill.exe

pid	process
5028	taskkill.exe
396	taskkill.exe
1244	taskkill.exe

Modifies registry class 2 IoCs

Processes:

d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92.exeplus.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000_Classes\Local Settings	d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000_Classes\Local Settings	plus.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

monvuibk.exe

pid	process
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe
1216	monvuibk.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

description	pid	process
Token: SeDebugPrivilege	5028	taskkill.exe
Token: SeDebugPrivilege	396	taskkill.exe
Token: SeDebugPrivilege	1244	taskkill.exe
Token: SeDebugPrivilege	4668	tasklist.exe
Token: SeDebugPrivilege	1400	tasklist.exe
Token: SeDebugPrivilege	4880	tasklist.exe
Token: SeDebugPrivilege	4796	tasklist.exe
Token: SeDebugPrivilege	1284	tasklist.exe
Token: SeDebugPrivilege	656	tasklist.exe
Token: SeDebugPrivilege	5016	tasklist.exe
Token: SeDebugPrivilege	4920	tasklist.exe
Token: SeDebugPrivilege	1136	tasklist.exe
Token: SeDebugPrivilege	5028	tasklist.exe
Token: SeDebugPrivilege	2432	tasklist.exe
Token: SeDebugPrivilege	1624	tasklist.exe
Token: SeDebugPrivilege	4312	tasklist.exe
Token: SeDebugPrivilege	1088	tasklist.exe
Token: SeDebugPrivilege	1064	tasklist.exe
Token: SeDebugPrivilege	4188	tasklist.exe
Token: SeDebugPrivilege	4996	tasklist.exe
Token: SeDebugPrivilege	400	tasklist.exe
Token: SeDebugPrivilege	1888	tasklist.exe
Token: SeDebugPrivilege	4212	tasklist.exe
Token: SeDebugPrivilege	2544	tasklist.exe
Token: SeDebugPrivilege	940	tasklist.exe
Token: SeDebugPrivilege	4380	tasklist.exe
Token: SeDebugPrivilege	3596	tasklist.exe
Token: SeDebugPrivilege	3808	tasklist.exe
Token: SeDebugPrivilege	5100	tasklist.exe
Token: SeDebugPrivilege	2016	tasklist.exe
Token: SeDebugPrivilege	4940	tasklist.exe
Token: SeDebugPrivilege	3468	tasklist.exe
Token: SeDebugPrivilege	1096	tasklist.exe
Token: SeDebugPrivilege	3872	tasklist.exe
Token: SeDebugPrivilege	4500	tasklist.exe
Token: SeDebugPrivilege	2260	tasklist.exe
Token: SeDebugPrivilege	1676	tasklist.exe
Token: SeDebugPrivilege	1508	tasklist.exe
Token: SeDebugPrivilege	4424	tasklist.exe
Token: SeDebugPrivilege	5096	tasklist.exe
Token: SeDebugPrivilege	4296	tasklist.exe
Token: SeDebugPrivilege	3840	tasklist.exe
Token: SeDebugPrivilege	2416	tasklist.exe
Token: SeDebugPrivilege	4388	tasklist.exe
Token: SeDebugPrivilege	4808	tasklist.exe
Token: SeDebugPrivilege	5092	tasklist.exe
Token: SeDebugPrivilege	1272	tasklist.exe
Token: SeDebugPrivilege	3188	tasklist.exe
Token: SeDebugPrivilege	4800	tasklist.exe
Token: SeDebugPrivilege	4556	tasklist.exe
Token: SeDebugPrivilege	4468	tasklist.exe
Token: SeDebugPrivilege	3676	tasklist.exe
Token: SeDebugPrivilege	1832	tasklist.exe
Token: SeDebugPrivilege	1340	tasklist.exe
Token: SeDebugPrivilege	740	tasklist.exe
Token: SeDebugPrivilege	2440	tasklist.exe
Token: SeDebugPrivilege	3148	tasklist.exe
Token: SeDebugPrivilege	2780	tasklist.exe
Token: SeDebugPrivilege	3616	tasklist.exe
Token: SeDebugPrivilege	4952	tasklist.exe
Token: SeDebugPrivilege	3768	tasklist.exe
Token: SeDebugPrivilege	1528	tasklist.exe
Token: SeDebugPrivilege	396	tasklist.exe
Token: SeDebugPrivilege	2132	tasklist.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92.exeWScript.execmd.exemonvuibk.execmd.exeplus.exeWScript.exeWScript.execmd.execmd.execmd.exe

description	pid	process	target process
PID 2896 wrote to memory of 4060	2896	d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92.exe	WScript.exe
PID 2896 wrote to memory of 4060	2896	d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92.exe	WScript.exe
PID 2896 wrote to memory of 4060	2896	d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92.exe	WScript.exe
PID 4060 wrote to memory of 3440	4060	WScript.exe	cmd.exe
PID 4060 wrote to memory of 3440	4060	WScript.exe	cmd.exe
PID 4060 wrote to memory of 3440	4060	WScript.exe	cmd.exe
PID 3440 wrote to memory of 5028	3440	cmd.exe	taskkill.exe
PID 3440 wrote to memory of 5028	3440	cmd.exe	taskkill.exe
PID 3440 wrote to memory of 5028	3440	cmd.exe	taskkill.exe
PID 3440 wrote to memory of 396	3440	cmd.exe	taskkill.exe
PID 3440 wrote to memory of 396	3440	cmd.exe	taskkill.exe
PID 3440 wrote to memory of 396	3440	cmd.exe	taskkill.exe
PID 3440 wrote to memory of 2532	3440	cmd.exe	timeout.exe
PID 3440 wrote to memory of 2532	3440	cmd.exe	timeout.exe
PID 3440 wrote to memory of 2532	3440	cmd.exe	timeout.exe
PID 3440 wrote to memory of 2060	3440	cmd.exe	chcp.com
PID 3440 wrote to memory of 2060	3440	cmd.exe	chcp.com
PID 3440 wrote to memory of 2060	3440	cmd.exe	chcp.com
PID 3440 wrote to memory of 3432	3440	cmd.exe	Rar.exe
PID 3440 wrote to memory of 3432	3440	cmd.exe	Rar.exe
PID 3440 wrote to memory of 3432	3440	cmd.exe	Rar.exe
PID 3440 wrote to memory of 1244	3440	cmd.exe	taskkill.exe
PID 3440 wrote to memory of 1244	3440	cmd.exe	taskkill.exe
PID 3440 wrote to memory of 1244	3440	cmd.exe	taskkill.exe
PID 3440 wrote to memory of 1216	3440	cmd.exe	monvuibk.exe
PID 3440 wrote to memory of 1216	3440	cmd.exe	monvuibk.exe
PID 3440 wrote to memory of 1216	3440	cmd.exe	monvuibk.exe
PID 3440 wrote to memory of 2032	3440	cmd.exe	timeout.exe
PID 3440 wrote to memory of 2032	3440	cmd.exe	timeout.exe
PID 3440 wrote to memory of 2032	3440	cmd.exe	timeout.exe
PID 1216 wrote to memory of 4820	1216	monvuibk.exe	cmd.exe
PID 1216 wrote to memory of 4820	1216	monvuibk.exe	cmd.exe
PID 1216 wrote to memory of 4820	1216	monvuibk.exe	cmd.exe
PID 4820 wrote to memory of 4276	4820	cmd.exe	chcp.com
PID 4820 wrote to memory of 4276	4820	cmd.exe	chcp.com
PID 4820 wrote to memory of 4276	4820	cmd.exe	chcp.com
PID 4820 wrote to memory of 1972	4820	cmd.exe	Rar.exe
PID 4820 wrote to memory of 1972	4820	cmd.exe	Rar.exe
PID 4820 wrote to memory of 1972	4820	cmd.exe	Rar.exe
PID 1216 wrote to memory of 4348	1216	monvuibk.exe	plus.exe
PID 1216 wrote to memory of 4348	1216	monvuibk.exe	plus.exe
PID 1216 wrote to memory of 4348	1216	monvuibk.exe	plus.exe
PID 4348 wrote to memory of 4524	4348	plus.exe	WScript.exe
PID 4348 wrote to memory of 4524	4348	plus.exe	WScript.exe
PID 4348 wrote to memory of 4524	4348	plus.exe	WScript.exe
PID 4348 wrote to memory of 376	4348	plus.exe	WScript.exe
PID 4348 wrote to memory of 376	4348	plus.exe	WScript.exe
PID 4348 wrote to memory of 376	4348	plus.exe	WScript.exe
PID 376 wrote to memory of 2384	376	WScript.exe	cmd.exe
PID 376 wrote to memory of 2384	376	WScript.exe	cmd.exe
PID 376 wrote to memory of 2384	376	WScript.exe	cmd.exe
PID 4524 wrote to memory of 4184	4524	WScript.exe	cmd.exe
PID 4524 wrote to memory of 4184	4524	WScript.exe	cmd.exe
PID 4524 wrote to memory of 4184	4524	WScript.exe	cmd.exe
PID 4184 wrote to memory of 3696	4184	cmd.exe	timeout.exe
PID 4184 wrote to memory of 3696	4184	cmd.exe	timeout.exe
PID 4184 wrote to memory of 3696	4184	cmd.exe	timeout.exe
PID 2384 wrote to memory of 992	2384	cmd.exe	oiqwiz.exe
PID 2384 wrote to memory of 992	2384	cmd.exe	oiqwiz.exe
PID 4184 wrote to memory of 944	4184	cmd.exe	cmd.exe
PID 4184 wrote to memory of 944	4184	cmd.exe	cmd.exe
PID 4184 wrote to memory of 944	4184	cmd.exe	cmd.exe
PID 944 wrote to memory of 4668	944	cmd.exe	tasklist.exe
PID 944 wrote to memory of 4668	944	cmd.exe	tasklist.exe

C:\Users\Admin\AppData\Local\Temp\d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92.exe
"C:\Users\Admin\AppData\Local\Temp\d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2896

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\sunshiqn\run.vbs"
2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4060

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\sunshiqn\pause.bat" "
3⤵
- Suspicious use of WriteProcessMemory
PID:3440

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rar.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5028

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rar.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:396

C:\Windows\SysWOW64\timeout.exe
timeout 3
4⤵
PID:2532

C:\Windows\SysWOW64\chcp.com
chcp 1251
4⤵
PID:2060

C:\sunshiqn\Rar.exe
"Rar.exe" e -p555 privat.rar
4⤵
- Executes dropped EXE
PID:3432

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rar.exe
4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1244

C:\sunshiqn\monvuibk.exe
monvuibk.exe
4⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1216

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\xnojklgq\omen.bat" "
5⤵
- Suspicious use of WriteProcessMemory
PID:4820

C:\Windows\SysWOW64\chcp.com
chcp 1251
6⤵
PID:4276

C:\xnojklgq\Rar.exe
"Rar.exe" c -zinfo.txt "plus.exe"
6⤵
- Executes dropped EXE
PID:1972

C:\xnojklgq\plus.exe
"C:\xnojklgq\plus.exe"
5⤵
- Executes dropped EXE
- Checks computer location settings
- Drops startup file
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4348

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\xnojklgq\Go.vbs"
6⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4524

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\xnojklgq\Go.bat" "
7⤵
- Suspicious use of WriteProcessMemory
PID:4184

C:\Windows\SysWOW64\timeout.exe
timeout /t 2 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3696

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
- Suspicious use of WriteProcessMemory
PID:944

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4668

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4380

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1800

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1400

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3808

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4880

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1472

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2440

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4796

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3148

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1284

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4892

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4952

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:656

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4020

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:5016

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3768

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3400

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4920

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4900

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1136

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1836

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3816

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5028

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2504

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2432

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4508

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2072

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1624

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2116

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4312

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4376

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2012

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1088

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4356

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1064

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4708

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2656

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4188

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4528

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4996

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2356

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:516

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:400

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:376

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1888

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4768

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1908

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4212

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:892

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:2544

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4860

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4248

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:940

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1804

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4380

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3664

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1400

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3596

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2568

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3808

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1680

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4240

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:5100

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5068

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2016

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4656

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1808

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4940

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2200

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3468

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3000

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4892

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1096

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4084

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3872

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3892

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3108

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4500

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1824

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:2260

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1136

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4344

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1676

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5056

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1508

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3104

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3404

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4424

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3508

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:5096

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3432

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4364

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4296

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1416

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3840

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3340

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2012

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:2416

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1064

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4388

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4128

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3200

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4808

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3288

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:5092

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4172

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4748

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1272

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3588

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3188

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1712

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1452

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4800

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4696

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4556

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1504

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4896

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:4468

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1852

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3676

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2056

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4160

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1832

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4772

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1340

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:672

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3208

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:740

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4592

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:2440

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4844

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4608

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:3148

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2408

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:2780

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4916

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3492

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3616

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3496

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:4952

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3988

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3680

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3768

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4008

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:1528

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3764

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3184

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Suspicious use of AdjustPrivilegeToken
PID:396

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1960

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:2132

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3816

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:5056

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1536

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3536

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:3104

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4400

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3404

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2060

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5096

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4308

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4312

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4364

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4204

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1416

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1384

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2024

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2244

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4820

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4356

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4520

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4056

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2112

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3172

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2296

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:328

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4780

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:400

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:444

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1108

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:376

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1468

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4212

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1224

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2544

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4784

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4860

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:940

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4080

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4380

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3280

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3664

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3596

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:820

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3808

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3632

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1680

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4232

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1544

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2080

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1944

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:5004

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3168

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1896

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4352

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3612

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:5088

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3732

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3524

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2912

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4084

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2364

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3892

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2704

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3728

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1868

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:5016

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1824

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4408

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4624

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4900

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3624

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1836

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4024

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1588

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1692

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:5056

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:5040

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2512

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2432

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2504

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1464

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:884

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:2604

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:864

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:5096

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1480

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4364

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4276

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1416

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1288

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4180

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4128

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:5020

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2656

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4316

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:5000

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3288

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4324

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4172

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2216

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1548

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:400

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3004

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1108

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1468

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2424

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4212

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4696

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2544

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4860

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1352

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:940

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:3748

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4380

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3664

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4304

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4300

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:2620

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:672

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3208

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3132

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2732

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:2388

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2328

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4224

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:1896

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4548

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2408

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4916

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3616

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3672

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:384

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:656

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1152

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:520

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3364

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4060

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3680

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1528

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4536

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4920

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3452

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:3448

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3624

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3816

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4752

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1608

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:1692

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:504

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2536

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2512

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1716

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:5076

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1464

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2128

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:884

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4328

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1724

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1404

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:624

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1384

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4276

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4828

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2416

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1416

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:752

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4520

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4356

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4528

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3200

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4992

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2112

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:220

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4812

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:3288

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4780

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4172

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1548

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3588

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3188

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3440

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1468

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1224

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4784

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4696

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4468

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1372

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:2544

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1352

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3280

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:940

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1320

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3484

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3596

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4880

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4772

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4300

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:3316

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:672

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3132

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3124

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2732

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4608

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4224

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:2816

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2200

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4012

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:3796

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3000

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:3524

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4908

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2976

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3628

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1148

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4252

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3892

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1868

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1076

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3764

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2260

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:816

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2896

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:1136

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2592

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:848

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3816

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:456

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:5056

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2236

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4508

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2164

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:5040

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2432

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5076

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:3404

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2128

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1628

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4912

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4288

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:1440

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4328

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3340

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:624

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1384

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4392

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2012

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4820

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:1416

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4220

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:896

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4824

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4504

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4384

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4056

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:116

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:5072

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4136

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:220

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1272

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3288

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4780

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2316

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1124

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2888

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3004

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1456

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:892

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1908

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1532

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1216

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3012

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2652

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:860

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3676

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1804

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1784

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1988

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3664

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3808

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:1800

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4772

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3208

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4856

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2080

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4240

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3124

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3148

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1184

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3612

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2328

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2200

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3636

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2120

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2912

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3732

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4908

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:520

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2136

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4760

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3020

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3892

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1068

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4500

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5016

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2096

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:816

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:5032

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2132

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1836

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4024

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:448

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1508

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3600

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5056

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:2536

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4476

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1460

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2504

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2512

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1244

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1716

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1140

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:2560

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2624

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:984

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3508

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4756

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4872

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:624

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4364

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4392

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4788

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4432

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1416

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:5044

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:896

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:5008

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4292

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4384

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:5012

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:116

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4996

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4748

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:220

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4192

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3288

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:668

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:516

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1124

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4040

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3004

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2788

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:1712

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3696

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:944

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4896

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3140

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:3692

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4248

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:1848

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3748

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4380

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1784

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3564

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1340

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3632

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3048

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4844

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1144

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2440

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:5068

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1808

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1896

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4876

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4888

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3168

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4892

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3896

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3616

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4916

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3804

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4020

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:384

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:520

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:3728

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4760

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3892

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4532

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1068

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1824

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:5016

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:396

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4920

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3448

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3452

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:5028

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:448

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:3996

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1220

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:2452

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2236

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4424

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1688

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3432

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1624

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4592

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1716

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2332

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1140

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3824

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2624

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3508

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4164

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4756

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2340

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:624

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4792

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:1288

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5020

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4708

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4936

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:896

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4356

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:5008

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3200

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4384

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:116

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:5000

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4996

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4324

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:220

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3288

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2152

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3480

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1656

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:376

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4800

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1108

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2788

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4556

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3696

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4896

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2544

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1832

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:364

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:3676

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1400

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1660

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4880

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2056

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3808

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1204

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2016

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3048

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4232

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:4240

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2780

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:1284

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3468

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2816

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4876

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3168

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3796

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4892

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3672

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3616

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3804

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:3988

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4596

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3400

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4060

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:3108

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2352

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4408

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1528

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1524

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:5016

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:1788

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:3688

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:3044

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:5032

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:1536

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:3600

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1608

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2536

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2452

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4508

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:4320

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1688

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:4568

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:1624

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:2072

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:2128

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2332

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:1628

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:3824

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4288

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:4720

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4164

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4828

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2340

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4204

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1956

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2648

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:2700

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:5044

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:752

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
- Enumerates processes with tasklist
PID:3760

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4220

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4660

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:2036

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4356

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:3648

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1448

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4528

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
PID:5008

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:828

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:1484

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:2324

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
- Enumerates processes with tasklist
PID:2292

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:4652

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4136

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:328

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:1172

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4396

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2228

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
8⤵
PID:4780

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq oiqwiz.exe"
9⤵
PID:2152

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
8⤵
PID:4728

C:\Windows\SysWOW64\tasklist.exe
tasklist /NH /FI "IMAGENAME eq Taskmgr.exe"
9⤵
PID:4768

C:\Windows\SysWOW64\timeout.exe
timeout /t 1 /nobreak
8⤵
- Delays execution with timeout.exe
PID:2876

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\xnojklgq\Auto.vbs"
6⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:376

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\xnojklgq\Auto.bat" "
7⤵
- Suspicious use of WriteProcessMemory
PID:2384

C:\xnojklgq\oiqwiz.exe
"oiqwiz.exe"
8⤵
- Executes dropped EXE
PID:992

C:\Windows\SysWOW64\timeout.exe
timeout 2
4⤵
- Delays execution with timeout.exe
PID:2032

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\sunshiqn\Rar.exe
Filesize
370KB

MD5
2e86a9862257a0cf723ceef3868a1a12

SHA1
a4324281823f0800132bf13f5ad3860e6b5532c6

SHA256
2356220cfa9159b463d762e2833f647a04fa58b4c627fcb4fb1773d199656ab8

SHA512
3a8e0389637fc8a3f8bab130326fe091ead8c0575a1a3861622466d4e3c37818c928bc74af4d14b5bb3080dfae46e41fee2c362a7093b5aa3b9df39110c8e9de

Download Submit
C:\sunshiqn\Rar.exe
Filesize
370KB

MD5
2e86a9862257a0cf723ceef3868a1a12

SHA1
a4324281823f0800132bf13f5ad3860e6b5532c6

SHA256
2356220cfa9159b463d762e2833f647a04fa58b4c627fcb4fb1773d199656ab8

SHA512
3a8e0389637fc8a3f8bab130326fe091ead8c0575a1a3861622466d4e3c37818c928bc74af4d14b5bb3080dfae46e41fee2c362a7093b5aa3b9df39110c8e9de

Download Submit
C:\sunshiqn\monvuibk.exe
Filesize
6.5MB

MD5
5a5db532785179ed05b8a80187d7ee21

SHA1
e42a3a40e836b691c2aa9dbe9600da17c8c75763

SHA256
43d61d6b22303523a18c79162c58c15f108635a6b9bbff1a3331b74624467593

SHA512
4e45569289f3dbe5abd7c2f4303e2af0facdf239ec1effd2d15fac01f129bcd44ece0b389892ad70a42d0dd511e156adb5ce98176158c0ea42b4b0fefa51138b

Download Submit
C:\sunshiqn\monvuibk.exe
Filesize
6.5MB

MD5
5a5db532785179ed05b8a80187d7ee21

SHA1
e42a3a40e836b691c2aa9dbe9600da17c8c75763

SHA256
43d61d6b22303523a18c79162c58c15f108635a6b9bbff1a3331b74624467593

SHA512
4e45569289f3dbe5abd7c2f4303e2af0facdf239ec1effd2d15fac01f129bcd44ece0b389892ad70a42d0dd511e156adb5ce98176158c0ea42b4b0fefa51138b

Download Submit
C:\sunshiqn\pause.bat
Filesize
325B

MD5
fb085f47185862061fa2adb5acc58171

SHA1
5f91cf2e8bc109e20dbe97ab91d0b047a727e93b

SHA256
fec96179e59437ede713340e5686b681c107a0363e79c5c24045887f5e7d3e1b

SHA512
a2ac14d7e67fa5d13312141b76fbc11cd373dfb1499b7d575c80e4409334a4bb28523d31044003fd907e5e52ac5e5cc45377551b1d3b704b94b2de7de892e76e

Download Submit
C:\sunshiqn\privat.rar
Filesize
3.0MB

MD5
bcd1d52c65ff0c640681ef7f4b4dd701

SHA1
b3a364dda02cd50ebb7990b2bfee1779a001bd95

SHA256
c54c442cfc5b905a337c740e1008ada67158e22c1b780d39e0e7c5e90ab82750

SHA512
bd9f2033a337acfed85e500588814530f81ef299a241998ae20d4518b01d9094e7ec65f7da2bfbc6328b9a89fd90cdc9233e575274efd4db04269baf035526b8

Download Submit
C:\sunshiqn\run.vbs
Filesize
84B

MD5
6a5f5a48072a1adae96d2bd88848dcff

SHA1
b381fa864db6c521cbf1133a68acf1db4baa7005

SHA256
c7758bb2fdf207306a5b83c9916bfffcc5e85efe14c8f00d18e2b6639b9780fe

SHA512
d11101b11a95d39a2b23411955e869f92451e1613b150c15d953cccf0f741fb6c3cf082124af8b67d4eb40feb112e1167a1e25bdeab9e433af3ccc5384ccb90c

Download Submit
C:\xnojklgq\Auto.bat
Filesize
219B

MD5
88659c9200f43efa7eedad229588356b

SHA1
36b4c368c1f5c75ca990b4d14f8a5eec903485b1

SHA256
4c77b094a906d8a0299b275581628e66c9d4e6ca96dcede7e67a3eb1c2aec2cc

SHA512
a4fe7494848608cdfe65b221edf479ff725c420772899b27db3beef540e64bf36dbc1beca31651b34664445238052d5e41360c47efe17058daa7c848103944ee

Download Submit
C:\xnojklgq\Auto.vbs
Filesize
118B

MD5
8cab8206831c992d7c6dd5f9cfea94d9

SHA1
e36b6dd77691dbf8b1bcb4ce986e3432ff9d06af

SHA256
519603f0aa335880a3a93ba0c193a81b0bff798d931e07e4b6a4109f5a174a52

SHA512
82561a074d840666c6a2549b32d2e6f9d172d6dd7c4a5ee1009f4863fd9522cbbd8296fcdd9534a8243e22f89c6555c10c160576c5f1af516b675bc6d90de105

Download Submit
C:\xnojklgq\Go.bat
Filesize
716B

MD5
6b5ec49cb5d3ae843891067a3484d99e

SHA1
7a903ae5924a1c2dd5406afdf8fa694243d2a26b

SHA256
7874c9ef2c75258c90f01bbc3d5a3f9ed65f1f09c8b00a39b7cfb07f7b45740f

SHA512
9279071dfb1a599827919cff376ae1ef0f518415180ecf1631563caf7c0548f827373e4fee44e24eb705b55107f1bf945aa3cdfd618fdb54ed9c7f381fef4101

Download Submit
C:\xnojklgq\Go.vbs
Filesize
227B

MD5
a3f3d477adf9ca6fffc7eb6ecd9eb17d

SHA1
611442499a4d0ae3fbce1ae1cde20cb92360bb75

SHA256
4e7ea70519889275be433f5bf53a4c81e0ea3db8f0bd2429b68b4f9b262d307c

SHA512
0b4864684acac03fe25b4c80677c4da9e0890cf1b3164e98ee9f807a54017e0f1bceec4010de11b5be5ebedc32f9fe3dc53d5c9529a1ce26485669f00611746d

Download Submit
C:\xnojklgq\Rar.exe
Filesize
370KB

MD5
2e86a9862257a0cf723ceef3868a1a12

SHA1
a4324281823f0800132bf13f5ad3860e6b5532c6

SHA256
2356220cfa9159b463d762e2833f647a04fa58b4c627fcb4fb1773d199656ab8

SHA512
3a8e0389637fc8a3f8bab130326fe091ead8c0575a1a3861622466d4e3c37818c928bc74af4d14b5bb3080dfae46e41fee2c362a7093b5aa3b9df39110c8e9de

Download Submit
C:\xnojklgq\Rar.exe
Filesize
370KB

MD5
2e86a9862257a0cf723ceef3868a1a12

SHA1
a4324281823f0800132bf13f5ad3860e6b5532c6

SHA256
2356220cfa9159b463d762e2833f647a04fa58b4c627fcb4fb1773d199656ab8

SHA512
3a8e0389637fc8a3f8bab130326fe091ead8c0575a1a3861622466d4e3c37818c928bc74af4d14b5bb3080dfae46e41fee2c362a7093b5aa3b9df39110c8e9de

Download Submit
C:\xnojklgq\giperdragsBFS.json
Filesize
395B

MD5
6e840dd9b1daabed84d1d32f7b8c1b8b

SHA1
ecd00359d98a48fd50856845574579cd93189f6a

SHA256
5a51a2a5f900ef34f3976ac9ccbd9686dc9affe92d9c529b0c8c9361fbc0e3fb

SHA512
11d7d9477fec95d41d721c41bb909869f2bf0bcd1de4755b0a32aeabb73b3235e874e33ee633f7d43982d452849847cee885a2dadebe538f72ab5ea4d2a94ff0

Download Submit
C:\xnojklgq\info.txt
Filesize
142B

MD5
88cebd7e2150d2c3b0c6bff92766cebe

SHA1
a2f955ec6dca14621fa7242b3c7cec77fa349f21

SHA256
5ff39948360d11a40eb8fdcfdd0e31da86bb4018fad97745f570f9bebd159d38

SHA512
e0d2690e5ccaaad279ebb73c2ffc7ee3ca6fe0cbf3af3974df1124eb71fd00906a71819675a258a65411130cf0778ae7f5554d0b1b9be2a4dfd4c486a74597be

Download Submit
C:\xnojklgq\oiqwiz.exe
Filesize
1.4MB

MD5
ddc91455c12983afeda765ebc1405fc7

SHA1
818d160bfb4ae6b870083e80c12ada9bc5c6d9df

SHA256
7e87dcc6ca8263694bdd0313fe3b52d9088c5545dccace2af02e1bdf44e66554

SHA512
51cdc75b64a0ea18db0729f2b9505b1288c4defca7a5e9492922282b475b95b0307cce1daf3677f230140a2c9de594ee28e714eeab7dd69c3ed6fe466b00fe58

Download Submit
C:\xnojklgq\oiqwiz.exe
Filesize
1.4MB

MD5
ddc91455c12983afeda765ebc1405fc7

SHA1
818d160bfb4ae6b870083e80c12ada9bc5c6d9df

SHA256
7e87dcc6ca8263694bdd0313fe3b52d9088c5545dccace2af02e1bdf44e66554

SHA512
51cdc75b64a0ea18db0729f2b9505b1288c4defca7a5e9492922282b475b95b0307cce1daf3677f230140a2c9de594ee28e714eeab7dd69c3ed6fe466b00fe58

Download Submit
C:\xnojklgq\omen.bat
Filesize
78B

MD5
a15b61671e902fe28fb1bf7e459a7bdd

SHA1
694d542af6834fa4cbc81cc3b3a8a99d61378f5e

SHA256
d763ef51ee4520819f8021ebb138578ba3261aa8db5fcec7c69382cca95ff75f

SHA512
653ec95af8f6f73538b0cb8d0fe903267e56b1f1a7d810bff1f4dd5adf675ae2f5a55260b0bc41295b60052fe056b1acfa00c2a07121dd387eb7719997fa15f6

Download Submit
C:\xnojklgq\plus.exe
Filesize
253KB

MD5
ca106b2dd914c5f5b7c0b30e503e35d9

SHA1
0c072402d244612f45f9901a3a22726226a64e29

SHA256
b300747328bd15f160c5bc063e80a961ebf56f3efe2c14da0c51dcbb38b0a55b

SHA512
ee4afcfe7763c66d8a9f2eafa0bd889b0aa86ebaad18d817f23dc6240a214425837dc593dbed971a07a51455ca6911a5f777912687a56e0d8446db0a31664c0a

Download Submit
C:\xnojklgq\plus.exe
Filesize
253KB

MD5
81107f80c971b15dd3718f6b4070c0c1

SHA1
d93e601e3d3e96422881d81a26b4bb108635f6fd

SHA256
ab5fb605318dcc99217aa0c1fb7b646ec16a242db5c8cfa50316794d3c979921

SHA512
c9185e949a7a5a24c9047c7fbfb5702c5f74e8ab5e57dcf2ac893b92d8b1be6e8b8247c83cd746a9eb932b316b691d4f971c19464d9faf6fe2c309b2c10810be

Download Submit
C:\xnojklgq\plus.exe
Filesize
253KB

MD5
81107f80c971b15dd3718f6b4070c0c1

SHA1
d93e601e3d3e96422881d81a26b4bb108635f6fd

SHA256
ab5fb605318dcc99217aa0c1fb7b646ec16a242db5c8cfa50316794d3c979921

SHA512
c9185e949a7a5a24c9047c7fbfb5702c5f74e8ab5e57dcf2ac893b92d8b1be6e8b8247c83cd746a9eb932b316b691d4f971c19464d9faf6fe2c309b2c10810be

Download Submit
memory/376-161-0x0000000000000000-mapping.dmp

Download
memory/396-135-0x0000000000000000-mapping.dmp

Download
memory/516-214-0x0000000000000000-mapping.dmp

Download
memory/656-185-0x0000000000000000-mapping.dmp

Download
memory/944-171-0x0000000000000000-mapping.dmp

Download
memory/992-167-0x0000000000000000-mapping.dmp

Download
memory/1064-207-0x0000000000000000-mapping.dmp

Download
memory/1088-205-0x0000000000000000-mapping.dmp

Download
memory/1136-192-0x0000000000000000-mapping.dmp

Download
memory/1216-143-0x0000000000000000-mapping.dmp

Download
memory/1244-142-0x0000000000000000-mapping.dmp

Download
memory/1284-182-0x0000000000000000-mapping.dmp

Download
memory/1400-175-0x0000000000000000-mapping.dmp

Download
memory/1472-178-0x0000000000000000-mapping.dmp

Download
memory/1624-200-0x0000000000000000-mapping.dmp

Download
memory/1800-174-0x0000000000000000-mapping.dmp

Download
memory/1836-193-0x0000000000000000-mapping.dmp

Download
memory/1972-150-0x0000000000000000-mapping.dmp

Download
memory/2012-204-0x0000000000000000-mapping.dmp

Download
memory/2032-146-0x0000000000000000-mapping.dmp

Download
memory/2060-137-0x0000000000000000-mapping.dmp

Download
memory/2072-199-0x0000000000000000-mapping.dmp

Download
memory/2116-201-0x0000000000000000-mapping.dmp

Download
memory/2356-213-0x0000000000000000-mapping.dmp

Download
memory/2384-164-0x0000000000000000-mapping.dmp

Download
memory/2432-197-0x0000000000000000-mapping.dmp

Download
memory/2440-179-0x0000000000000000-mapping.dmp

Download
memory/2504-196-0x0000000000000000-mapping.dmp

Download
memory/2532-136-0x0000000000000000-mapping.dmp

Download
memory/2656-209-0x0000000000000000-mapping.dmp

Download
memory/3148-181-0x0000000000000000-mapping.dmp

Download
memory/3400-189-0x0000000000000000-mapping.dmp

Download
memory/3432-138-0x0000000000000000-mapping.dmp

Download
memory/3440-133-0x0000000000000000-mapping.dmp

Download
memory/3696-166-0x0000000000000000-mapping.dmp

Download
memory/3768-188-0x0000000000000000-mapping.dmp

Download
memory/3808-176-0x0000000000000000-mapping.dmp

Download
memory/3816-194-0x0000000000000000-mapping.dmp

Download
memory/4020-186-0x0000000000000000-mapping.dmp

Download
memory/4060-130-0x0000000000000000-mapping.dmp

Download
memory/4184-165-0x0000000000000000-mapping.dmp

Download
memory/4188-210-0x0000000000000000-mapping.dmp

Download
memory/4276-149-0x0000000000000000-mapping.dmp

Download
memory/4312-202-0x0000000000000000-mapping.dmp

Download
memory/4348-156-0x0000000000000000-mapping.dmp

Download
memory/4356-206-0x0000000000000000-mapping.dmp

Download
memory/4376-203-0x0000000000000000-mapping.dmp

Download
memory/4380-173-0x0000000000000000-mapping.dmp

Download
memory/4508-198-0x0000000000000000-mapping.dmp

Download
memory/4524-159-0x0000000000000000-mapping.dmp

Download
memory/4528-211-0x0000000000000000-mapping.dmp

Download
memory/4668-172-0x0000000000000000-mapping.dmp

Download
memory/4708-208-0x0000000000000000-mapping.dmp

Download
memory/4796-180-0x0000000000000000-mapping.dmp

Download
memory/4820-147-0x0000000000000000-mapping.dmp

Download
memory/4880-177-0x0000000000000000-mapping.dmp

Download
memory/4892-183-0x0000000000000000-mapping.dmp

Download
memory/4900-191-0x0000000000000000-mapping.dmp

Download
memory/4920-190-0x0000000000000000-mapping.dmp

Download
memory/4952-184-0x0000000000000000-mapping.dmp

Download
memory/4996-212-0x0000000000000000-mapping.dmp

Download
memory/5016-187-0x0000000000000000-mapping.dmp

Download
memory/5028-134-0x0000000000000000-mapping.dmp

Download
memory/5028-195-0x0000000000000000-mapping.dmp

Download