0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

Analysis

max time kernel
167s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 04:22 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
Size

80KB
MD5

34bc708b6f1f61e31053426a48f38e50
SHA1

43aac41070ff652e0d364f16736a605953e1f75f
SHA256

0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0
SHA512

a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302
SSDEEP

384:XegMP/sbcegMP/sbzQeVB9Zt3QetOExzqViB:XMXsb8MXsbRNgeth1uiB

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4856	nwizqjsj.exe
5048	nwizqjsj.exe
1056	nwizqjsj.exe
4524	nwizqjsj.exe
4720	nwizqjsj.exe
4048	nwizqjsj.exe
364	nwizqjsj.exe
1220	nwizqjsj.exe
3604	nwizqjsj.exe
3768	nwizqjsj.exe
4576	nwizqjsj.exe
456	nwizqjsj.exe
1840	nwizqjsj.exe
1700	nwizqjsj.exe
3544	nwizqjsj.exe
4308	nwizqjsj.exe
2112	nwizqjsj.exe
3260	nwizqjsj.exe
4832	nwizqjsj.exe
4452	nwizqjsj.exe
4280	nwizqjsj.exe
1428	nwizqjsj.exe
4932	nwizqjsj.exe
400	nwizqjsj.exe
2636	nwizqjsj.exe
4728	nwizqjsj.exe
4740	nwizqjsj.exe
2836	nwizqjsj.exe
1388	nwizqjsj.exe
4168	nwizqjsj.exe
4948	nwizqjsj.exe
4520	nwizqjsj.exe
2276	nwizqjsj.exe
880	nwizqjsj.exe
4412	nwizqjsj.exe
3496	nwizqjsj.exe
996	nwizqjsj.exe
2344	nwizqjsj.exe
4968	nwizqjsj.exe
4876	nwizqjsj.exe
3616	nwizqjsj.exe
1808	nwizqjsj.exe
400	nwizqjsj.exe
2656	nwizqjsj.exe
2816	nwizqjsj.exe
4720	nwizqjsj.exe
3680	nwizqjsj.exe
3788	nwizqjsj.exe
3652	nwizqjsj.exe
828	nwizqjsj.exe
3604	nwizqjsj.exe
2124	nwizqjsj.exe
1948	nwizqjsj.exe
4632	nwizqjsj.exe
4116	nwizqjsj.exe
3668	nwizqjsj.exe
4056	nwizqjsj.exe
4828	nwizqjsj.exe
2280	nwizqjsj.exe
4280	nwizqjsj.exe
4908	nwizqjsj.exe
3264	nwizqjsj.exe
2952	nwizqjsj.exe
1968	nwizqjsj.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File opened for modification	C:\Windows\SysWOW64\nwizqjsj.exe	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe
File created	C:\Windows\SysWOW64\nwizqjsj.exe	nwizqjsj.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
4856	nwizqjsj.exe
4856	nwizqjsj.exe
4856	nwizqjsj.exe
4856	nwizqjsj.exe
4856	nwizqjsj.exe
4856	nwizqjsj.exe
4856	nwizqjsj.exe
4856	nwizqjsj.exe
5048	nwizqjsj.exe
5048	nwizqjsj.exe
5048	nwizqjsj.exe
5048	nwizqjsj.exe
5048	nwizqjsj.exe
5048	nwizqjsj.exe
5048	nwizqjsj.exe
5048	nwizqjsj.exe
1056	nwizqjsj.exe
1056	nwizqjsj.exe
1056	nwizqjsj.exe
1056	nwizqjsj.exe
1056	nwizqjsj.exe
1056	nwizqjsj.exe
1056	nwizqjsj.exe
1056	nwizqjsj.exe
4524	nwizqjsj.exe
4524	nwizqjsj.exe
4524	nwizqjsj.exe
4524	nwizqjsj.exe
4524	nwizqjsj.exe
4524	nwizqjsj.exe
4524	nwizqjsj.exe
4524	nwizqjsj.exe
4720	nwizqjsj.exe
4720	nwizqjsj.exe
4720	nwizqjsj.exe
4720	nwizqjsj.exe
4720	nwizqjsj.exe
4720	nwizqjsj.exe
4720	nwizqjsj.exe
4720	nwizqjsj.exe
4048	nwizqjsj.exe
4048	nwizqjsj.exe
4048	nwizqjsj.exe
4048	nwizqjsj.exe
4048	nwizqjsj.exe
4048	nwizqjsj.exe
4048	nwizqjsj.exe
4048	nwizqjsj.exe
364	nwizqjsj.exe
364	nwizqjsj.exe
364	nwizqjsj.exe
364	nwizqjsj.exe
364	nwizqjsj.exe
364	nwizqjsj.exe
364	nwizqjsj.exe
364	nwizqjsj.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 4856	4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe	81
PID 4844 wrote to memory of 4856	4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe	81
PID 4844 wrote to memory of 4856	4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe	81
PID 4844 wrote to memory of 5080	4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe	82
PID 4844 wrote to memory of 5080	4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe	82
PID 4844 wrote to memory of 5080	4844	0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe	82
PID 4856 wrote to memory of 5048	4856	nwizqjsj.exe	84
PID 4856 wrote to memory of 5048	4856	nwizqjsj.exe	84
PID 4856 wrote to memory of 5048	4856	nwizqjsj.exe	84
PID 4856 wrote to memory of 440	4856	nwizqjsj.exe	85
PID 4856 wrote to memory of 440	4856	nwizqjsj.exe	85
PID 4856 wrote to memory of 440	4856	nwizqjsj.exe	85
PID 5048 wrote to memory of 1056	5048	nwizqjsj.exe	87
PID 5048 wrote to memory of 1056	5048	nwizqjsj.exe	87
PID 5048 wrote to memory of 1056	5048	nwizqjsj.exe	87
PID 5048 wrote to memory of 2656	5048	nwizqjsj.exe	88
PID 5048 wrote to memory of 2656	5048	nwizqjsj.exe	88
PID 5048 wrote to memory of 2656	5048	nwizqjsj.exe	88
PID 1056 wrote to memory of 4524	1056	nwizqjsj.exe	90
PID 1056 wrote to memory of 4524	1056	nwizqjsj.exe	90
PID 1056 wrote to memory of 4524	1056	nwizqjsj.exe	90
PID 1056 wrote to memory of 2352	1056	nwizqjsj.exe	91
PID 1056 wrote to memory of 2352	1056	nwizqjsj.exe	91
PID 1056 wrote to memory of 2352	1056	nwizqjsj.exe	91
PID 4524 wrote to memory of 4720	4524	nwizqjsj.exe	93
PID 4524 wrote to memory of 4720	4524	nwizqjsj.exe	93
PID 4524 wrote to memory of 4720	4524	nwizqjsj.exe	93
PID 4524 wrote to memory of 2244	4524	nwizqjsj.exe	94
PID 4524 wrote to memory of 2244	4524	nwizqjsj.exe	94
PID 4524 wrote to memory of 2244	4524	nwizqjsj.exe	94
PID 4720 wrote to memory of 4048	4720	nwizqjsj.exe	96
PID 4720 wrote to memory of 4048	4720	nwizqjsj.exe	96
PID 4720 wrote to memory of 4048	4720	nwizqjsj.exe	96
PID 4720 wrote to memory of 228	4720	nwizqjsj.exe	97
PID 4720 wrote to memory of 228	4720	nwizqjsj.exe	97
PID 4720 wrote to memory of 228	4720	nwizqjsj.exe	97
PID 4048 wrote to memory of 364	4048	nwizqjsj.exe	99
PID 4048 wrote to memory of 364	4048	nwizqjsj.exe	99
PID 4048 wrote to memory of 364	4048	nwizqjsj.exe	99
PID 4048 wrote to memory of 4148	4048	nwizqjsj.exe	100
PID 4048 wrote to memory of 4148	4048	nwizqjsj.exe	100
PID 4048 wrote to memory of 4148	4048	nwizqjsj.exe	100
PID 364 wrote to memory of 1220	364	nwizqjsj.exe	102
PID 364 wrote to memory of 1220	364	nwizqjsj.exe	102
PID 364 wrote to memory of 1220	364	nwizqjsj.exe	102
PID 364 wrote to memory of 2360	364	nwizqjsj.exe	103
PID 364 wrote to memory of 2360	364	nwizqjsj.exe	103
PID 364 wrote to memory of 2360	364	nwizqjsj.exe	103
PID 1220 wrote to memory of 3604	1220	nwizqjsj.exe	105
PID 1220 wrote to memory of 3604	1220	nwizqjsj.exe	105
PID 1220 wrote to memory of 3604	1220	nwizqjsj.exe	105
PID 1220 wrote to memory of 4752	1220	nwizqjsj.exe	106
PID 1220 wrote to memory of 4752	1220	nwizqjsj.exe	106
PID 1220 wrote to memory of 4752	1220	nwizqjsj.exe	106
PID 3604 wrote to memory of 3768	3604	nwizqjsj.exe	109
PID 3604 wrote to memory of 3768	3604	nwizqjsj.exe	109
PID 3604 wrote to memory of 3768	3604	nwizqjsj.exe	109
PID 3604 wrote to memory of 64	3604	nwizqjsj.exe	110
PID 3604 wrote to memory of 64	3604	nwizqjsj.exe	110
PID 3604 wrote to memory of 64	3604	nwizqjsj.exe	110
PID 3768 wrote to memory of 4576	3768	nwizqjsj.exe	112
PID 3768 wrote to memory of 4576	3768	nwizqjsj.exe	112
PID 3768 wrote to memory of 4576	3768	nwizqjsj.exe	112
PID 3768 wrote to memory of 2580	3768	nwizqjsj.exe	113

C:\Users\Admin\AppData\Local\Temp\0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe
"C:\Users\Admin\AppData\Local\Temp\0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\SysWOW64\nwizqjsj.exe
  C:\Windows\system32\nwizqjsj.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4856
- - C:\Windows\SysWOW64\nwizqjsj.exe
    C:\Windows\system32\nwizqjsj.exe
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5048
  - - C:\Windows\SysWOW64\nwizqjsj.exe
      C:\Windows\system32\nwizqjsj.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1056
    - - C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4524
      - C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4720
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4048
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:364
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1220
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3604
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3768
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        12⤵
        Executes dropped EXE
        
        PID:4576
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        13⤵
        Executes dropped EXE
        
        PID:456
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        14⤵
        Executes dropped EXE
        
        PID:1840
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        15⤵
        Executes dropped EXE
        
        PID:1700
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        16⤵
        Executes dropped EXE
        
        PID:3544
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        17⤵
        Executes dropped EXE
        
        PID:4308
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2112
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        19⤵
        Executes dropped EXE
        
        PID:3260
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        20⤵
        Executes dropped EXE
        
        PID:4832
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4452
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4280
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1428
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        24⤵
        Executes dropped EXE
        
        PID:4932
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        25⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:400
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        26⤵
        Executes dropped EXE
        
        PID:2636
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        27⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4728
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        28⤵
        Executes dropped EXE
        
        PID:4740
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        29⤵
        Executes dropped EXE
        
        PID:2836
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1388
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        31⤵
        Executes dropped EXE
        
        PID:4168
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        32⤵
        Executes dropped EXE
        
        PID:4948
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        33⤵
        Executes dropped EXE
        
        PID:4520
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2276
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:880
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        36⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4412
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        37⤵
        Executes dropped EXE
        
        PID:3496
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:996
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        39⤵
        Executes dropped EXE
        
        PID:2344
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        40⤵
        Executes dropped EXE
        
        PID:4968
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        41⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4876
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        42⤵
        Executes dropped EXE
        
        PID:3616
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1808
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:400
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        45⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2656
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2816
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4720
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        48⤵
        Executes dropped EXE
        
        PID:3680
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3788
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        50⤵
        Executes dropped EXE
        
        PID:3652
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        51⤵
        Executes dropped EXE
        
        PID:828
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        52⤵
        Executes dropped EXE
        
        PID:3604
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        53⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2124
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        54⤵
        Executes dropped EXE
        
        PID:1948
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4632
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        56⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4116
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        57⤵
        Executes dropped EXE
        
        PID:3668
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4056
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4828
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        60⤵
        Executes dropped EXE
        
        PID:2280
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        61⤵
        Executes dropped EXE
        
        PID:4280
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4908
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        63⤵
        Executes dropped EXE
        
        PID:3264
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        64⤵
        Executes dropped EXE
        
        PID:2952
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1968
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        66⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        67⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        68⤵
        Drops file in System32 directory
        
        PID:4444
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        69⤵
        Drops file in System32 directory
        
        PID:2032
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        70⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        71⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        72⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        73⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        74⤵
        Drops file in System32 directory
        
        PID:3772
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        75⤵
        Drops file in System32 directory
        
        PID:2944
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        76⤵
        Drops file in System32 directory
        
        PID:4532
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        77⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        78⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        79⤵
        Drops file in System32 directory
        
        PID:3752
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        80⤵
        Drops file in System32 directory
        
        PID:1584
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        81⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        82⤵
        Drops file in System32 directory
        
        PID:1592
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        83⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        84⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        85⤵
        Drops file in System32 directory
        
        PID:2208
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        86⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        87⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        88⤵
        Drops file in System32 directory
        
        PID:4164
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        89⤵
        Drops file in System32 directory
        
        PID:4860
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        90⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        91⤵
        Drops file in System32 directory
        
        PID:1904
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        92⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        93⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        94⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        95⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        96⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        97⤵
        Drops file in System32 directory
        
        PID:3568
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        98⤵
        Drops file in System32 directory
        
        PID:740
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        99⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        100⤵
        Drops file in System32 directory
        
        PID:2680
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        101⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        102⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        103⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        104⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        105⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        106⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        107⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        108⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        109⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        110⤵
        
        PID:728
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        111⤵
        Drops file in System32 directory
        
        PID:3668
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        112⤵
        
        PID:444
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        113⤵
        Drops file in System32 directory
        
        PID:1120
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        114⤵
        Drops file in System32 directory
        
        PID:4544
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        115⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        116⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        117⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        118⤵
        Drops file in System32 directory
        
        PID:656
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        119⤵
        Drops file in System32 directory
        
        PID:2884
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        120⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        121⤵
        
        PID:684
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        122⤵
        Drops file in System32 directory
        
        PID:4080
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        123⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        124⤵
        Drops file in System32 directory
        
        PID:3452
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        125⤵
        Drops file in System32 directory
        
        PID:4268
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        126⤵
        Drops file in System32 directory
        
        PID:2808
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        127⤵
        Drops file in System32 directory
        
        PID:3460
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        128⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        129⤵
        Drops file in System32 directory
        
        PID:1496
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        130⤵
        
        PID:60
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        131⤵
        Drops file in System32 directory
        
        PID:1708
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        132⤵
        Drops file in System32 directory
        
        PID:336
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        133⤵
        Drops file in System32 directory
        
        PID:3604
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        134⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        135⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        136⤵
        Drops file in System32 directory
        
        PID:4992
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        137⤵
        Drops file in System32 directory
        
        PID:4316
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        138⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        139⤵
        
        PID:448
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        140⤵
        Drops file in System32 directory
        
        PID:976
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        141⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\nwizqjsj.exe
        
        C:\Windows\system32\nwizqjsj.exe
        142⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        142⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        141⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        140⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        139⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        138⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        137⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        136⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        135⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        134⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        133⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        132⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        131⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        130⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        129⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        128⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        127⤵
        
        PID:380
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        126⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        125⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        124⤵
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        123⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        122⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        121⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        120⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        119⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        118⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        117⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        116⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        115⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        114⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        113⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        112⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        111⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        110⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        109⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        108⤵
        
        PID:628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        107⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        106⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        105⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        104⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        103⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        102⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        101⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        100⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        99⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        98⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        97⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        96⤵
        
        PID:216
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        95⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        94⤵
        
        PID:948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        93⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        92⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        91⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        90⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        89⤵
        
        PID:608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        88⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        87⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        86⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        85⤵
        
        PID:996
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        84⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        83⤵
        
        PID:448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        82⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        81⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        80⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        79⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        78⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        77⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        76⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        75⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        74⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        73⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        72⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        71⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        70⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        69⤵
        
        PID:788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        68⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        67⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        66⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        65⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        64⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        63⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        62⤵
        
        PID:420
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        61⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        60⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        59⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        58⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        57⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        56⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        55⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        54⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        53⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        52⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        51⤵
        
        PID:796
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        50⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        49⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        48⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        47⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        46⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        45⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        44⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        43⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        42⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        41⤵
        
        PID:420
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        40⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        39⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        38⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        37⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        36⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        35⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        34⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        33⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        32⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        31⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        30⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        29⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        28⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        27⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        26⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        25⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        24⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        23⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        22⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        21⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        20⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        19⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        18⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        17⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        16⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        15⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        14⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        13⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        12⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        11⤵
        
        PID:64
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        10⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        9⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        8⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        7⤵
        
        PID:228
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        6⤵
        
        PID:2244
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
        5⤵
        
        PID:2352
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
      4⤵
      PID:2656
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizqjsj.exe"
    3⤵
    PID:440
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0.exe"
  2⤵
  PID:5080

Network

DNS

226.101.242.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.101.242.52.in-addr.arpa

IN PTR

Response

93.184.221.240:80

322 B
7
93.184.221.240:80

322 B
7
93.184.221.240:80

322 B
7
104.80.225.205:443

322 B
7
40.79.150.121:443

322 B
7

8.8.8.8:53

226.101.242.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

226.101.242.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit
C:\Windows\SysWOW64\nwizqjsj.exe

Filesize
80KB

MD5
34bc708b6f1f61e31053426a48f38e50

SHA1
43aac41070ff652e0d364f16736a605953e1f75f

SHA256
0f85be063c8943450e0a64a7f75914d88755347eebc3e3261070a706d92e8db0

SHA512
a272c616a333caa298a471e3e988d9a970603850f68ff299e047501f433b341da1dc73e460636b25f95bfdb09e83fc565b4947cfcee2253aae4f8fd4d2667302

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.