9c5a81fea1af416a3fd183aae7d6c7329e8448faa14bfc6371df9096ba97171e

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a84c507c29c5350b77be68a30f4fb20.exe
Size

8KB
MD5

4a84c507c29c5350b77be68a30f4fb20
SHA1

c74f68bd3c457a64b024f26a724b03d8d446c985
SHA256

9c5a81fea1af416a3fd183aae7d6c7329e8448faa14bfc6371df9096ba97171e
SHA512

e9b08b285ee3cf4fb86f2cb740e635def0c94756410138061af30ca41fc8d739adb9ea4fd91ab9ea71a92d6716d282cd8beae94a926fb6f3c0eca75af5be6efa
SSDEEP

192:HIl1+asQVKVpPAU5yp5ulK9hLTjeTlwy1TbKfpyap:HIlAa8jPAU0paK9V+iy9KByY

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2304	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
2060	nwizhx2.exe
2784	nwizhx2.exe
2672	nwizhx2.exe
2168	nwizhx2.exe
2792	nwizhx2.exe
2552	nwizhx2.exe
2580	nwizhx2.exe
1720	nwizhx2.exe
2828	nwizhx2.exe
2964	nwizhx2.exe
2468	nwizhx2.exe
332	nwizhx2.exe
1620	nwizhx2.exe
600	nwizhx2.exe
2448	nwizhx2.exe
1336	nwizhx2.exe
2388	nwizhx2.exe
580	nwizhx2.exe
1996	nwizhx2.exe
1588	nwizhx2.exe
1756	nwizhx2.exe
1800	nwizhx2.exe
1876	nwizhx2.exe
2252	nwizhx2.exe
1576	nwizhx2.exe
1796	nwizhx2.exe
2516	nwizhx2.exe
2136	nwizhx2.exe
1668	nwizhx2.exe
1468	nwizhx2.exe
2124	nwizhx2.exe
1448	nwizhx2.exe
1960	nwizhx2.exe
1544	nwizhx2.exe
2336	nwizhx2.exe
1632	nwizhx2.exe
2696	nwizhx2.exe
2884	nwizhx2.exe
2560	nwizhx2.exe
2676	nwizhx2.exe
3000	nwizhx2.exe
1880	nwizhx2.exe
2580	nwizhx2.exe
1524	nwizhx2.exe
2840	nwizhx2.exe
2980	nwizhx2.exe
1928	nwizhx2.exe
1896	nwizhx2.exe
1740	nwizhx2.exe
1192	nwizhx2.exe
536	nwizhx2.exe
712	nwizhx2.exe
2984	nwizhx2.exe
796	nwizhx2.exe
1336	nwizhx2.exe
2056	nwizhx2.exe
1680	nwizhx2.exe
2236	nwizhx2.exe
1996	nwizhx2.exe
1792	nwizhx2.exe
1656	nwizhx2.exe
1164	nwizhx2.exe
2380	nwizhx2.exe
1636	nwizhx2.exe

Loads dropped DLL 64 IoCs

pid	Process
2336	4a84c507c29c5350b77be68a30f4fb20.exe
2336	4a84c507c29c5350b77be68a30f4fb20.exe
2060	nwizhx2.exe
2060	nwizhx2.exe
2784	nwizhx2.exe
2784	nwizhx2.exe
2672	nwizhx2.exe
2672	nwizhx2.exe
2168	nwizhx2.exe
2168	nwizhx2.exe
2792	nwizhx2.exe
2792	nwizhx2.exe
2552	nwizhx2.exe
2552	nwizhx2.exe
2580	nwizhx2.exe
2580	nwizhx2.exe
1720	nwizhx2.exe
1720	nwizhx2.exe
2828	nwizhx2.exe
2828	nwizhx2.exe
2964	nwizhx2.exe
2964	nwizhx2.exe
2468	nwizhx2.exe
2468	nwizhx2.exe
332	nwizhx2.exe
332	nwizhx2.exe
1620	nwizhx2.exe
1620	nwizhx2.exe
600	nwizhx2.exe
600	nwizhx2.exe
2448	nwizhx2.exe
2448	nwizhx2.exe
1336	nwizhx2.exe
1336	nwizhx2.exe
2388	nwizhx2.exe
2388	nwizhx2.exe
580	nwizhx2.exe
580	nwizhx2.exe
1996	nwizhx2.exe
1996	nwizhx2.exe
1588	nwizhx2.exe
1588	nwizhx2.exe
1756	nwizhx2.exe
1756	nwizhx2.exe
1800	nwizhx2.exe
1800	nwizhx2.exe
1876	nwizhx2.exe
1876	nwizhx2.exe
2252	nwizhx2.exe
2252	nwizhx2.exe
1576	nwizhx2.exe
1576	nwizhx2.exe
1796	nwizhx2.exe
1796	nwizhx2.exe
2516	nwizhx2.exe
2516	nwizhx2.exe
2136	nwizhx2.exe
2136	nwizhx2.exe
1668	nwizhx2.exe
1668	nwizhx2.exe
1468	nwizhx2.exe
1468	nwizhx2.exe
2124	nwizhx2.exe
2124	nwizhx2.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2336	4a84c507c29c5350b77be68a30f4fb20.exe
2336	4a84c507c29c5350b77be68a30f4fb20.exe
2336	4a84c507c29c5350b77be68a30f4fb20.exe
2336	4a84c507c29c5350b77be68a30f4fb20.exe
2060	nwizhx2.exe
2060	nwizhx2.exe
2060	nwizhx2.exe
2060	nwizhx2.exe
2784	nwizhx2.exe
2784	nwizhx2.exe
2784	nwizhx2.exe
2784	nwizhx2.exe
2672	nwizhx2.exe
2672	nwizhx2.exe
2672	nwizhx2.exe
2672	nwizhx2.exe
2168	nwizhx2.exe
2168	nwizhx2.exe
2168	nwizhx2.exe
2168	nwizhx2.exe
2792	nwizhx2.exe
2792	nwizhx2.exe
2792	nwizhx2.exe
2792	nwizhx2.exe
2552	nwizhx2.exe
2552	nwizhx2.exe
2552	nwizhx2.exe
2552	nwizhx2.exe
2580	nwizhx2.exe
2580	nwizhx2.exe
2580	nwizhx2.exe
2580	nwizhx2.exe
1720	nwizhx2.exe
1720	nwizhx2.exe
1720	nwizhx2.exe
1720	nwizhx2.exe
2828	nwizhx2.exe
2828	nwizhx2.exe
2828	nwizhx2.exe
2828	nwizhx2.exe
2964	nwizhx2.exe
2964	nwizhx2.exe
2964	nwizhx2.exe
2964	nwizhx2.exe
2468	nwizhx2.exe
2468	nwizhx2.exe
2468	nwizhx2.exe
2468	nwizhx2.exe
332	nwizhx2.exe
332	nwizhx2.exe
332	nwizhx2.exe
332	nwizhx2.exe
1620	nwizhx2.exe
1620	nwizhx2.exe
1620	nwizhx2.exe
1620	nwizhx2.exe
600	nwizhx2.exe
600	nwizhx2.exe
600	nwizhx2.exe
600	nwizhx2.exe
2448	nwizhx2.exe
2448	nwizhx2.exe
2448	nwizhx2.exe
2448	nwizhx2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2060	2336	4a84c507c29c5350b77be68a30f4fb20.exe	28
PID 2336 wrote to memory of 2060	2336	4a84c507c29c5350b77be68a30f4fb20.exe	28
PID 2336 wrote to memory of 2060	2336	4a84c507c29c5350b77be68a30f4fb20.exe	28
PID 2336 wrote to memory of 2060	2336	4a84c507c29c5350b77be68a30f4fb20.exe	28
PID 2336 wrote to memory of 2304	2336	4a84c507c29c5350b77be68a30f4fb20.exe	30
PID 2336 wrote to memory of 2304	2336	4a84c507c29c5350b77be68a30f4fb20.exe	30
PID 2336 wrote to memory of 2304	2336	4a84c507c29c5350b77be68a30f4fb20.exe	30
PID 2336 wrote to memory of 2304	2336	4a84c507c29c5350b77be68a30f4fb20.exe	30
PID 2060 wrote to memory of 2784	2060	nwizhx2.exe	31
PID 2060 wrote to memory of 2784	2060	nwizhx2.exe	31
PID 2060 wrote to memory of 2784	2060	nwizhx2.exe	31
PID 2060 wrote to memory of 2784	2060	nwizhx2.exe	31
PID 2060 wrote to memory of 2696	2060	nwizhx2.exe	32
PID 2060 wrote to memory of 2696	2060	nwizhx2.exe	32
PID 2060 wrote to memory of 2696	2060	nwizhx2.exe	32
PID 2060 wrote to memory of 2696	2060	nwizhx2.exe	32
PID 2784 wrote to memory of 2672	2784	nwizhx2.exe	34
PID 2784 wrote to memory of 2672	2784	nwizhx2.exe	34
PID 2784 wrote to memory of 2672	2784	nwizhx2.exe	34
PID 2784 wrote to memory of 2672	2784	nwizhx2.exe	34
PID 2784 wrote to memory of 2884	2784	nwizhx2.exe	35
PID 2784 wrote to memory of 2884	2784	nwizhx2.exe	35
PID 2784 wrote to memory of 2884	2784	nwizhx2.exe	35
PID 2784 wrote to memory of 2884	2784	nwizhx2.exe	35
PID 2672 wrote to memory of 2168	2672	nwizhx2.exe	37
PID 2672 wrote to memory of 2168	2672	nwizhx2.exe	37
PID 2672 wrote to memory of 2168	2672	nwizhx2.exe	37
PID 2672 wrote to memory of 2168	2672	nwizhx2.exe	37
PID 2672 wrote to memory of 2864	2672	nwizhx2.exe	38
PID 2672 wrote to memory of 2864	2672	nwizhx2.exe	38
PID 2672 wrote to memory of 2864	2672	nwizhx2.exe	38
PID 2672 wrote to memory of 2864	2672	nwizhx2.exe	38
PID 2168 wrote to memory of 2792	2168	nwizhx2.exe	40
PID 2168 wrote to memory of 2792	2168	nwizhx2.exe	40
PID 2168 wrote to memory of 2792	2168	nwizhx2.exe	40
PID 2168 wrote to memory of 2792	2168	nwizhx2.exe	40
PID 2168 wrote to memory of 2592	2168	nwizhx2.exe	41
PID 2168 wrote to memory of 2592	2168	nwizhx2.exe	41
PID 2168 wrote to memory of 2592	2168	nwizhx2.exe	41
PID 2168 wrote to memory of 2592	2168	nwizhx2.exe	41
PID 2792 wrote to memory of 2552	2792	nwizhx2.exe	43
PID 2792 wrote to memory of 2552	2792	nwizhx2.exe	43
PID 2792 wrote to memory of 2552	2792	nwizhx2.exe	43
PID 2792 wrote to memory of 2552	2792	nwizhx2.exe	43
PID 2792 wrote to memory of 2612	2792	nwizhx2.exe	44
PID 2792 wrote to memory of 2612	2792	nwizhx2.exe	44
PID 2792 wrote to memory of 2612	2792	nwizhx2.exe	44
PID 2792 wrote to memory of 2612	2792	nwizhx2.exe	44
PID 2552 wrote to memory of 2580	2552	nwizhx2.exe	46
PID 2552 wrote to memory of 2580	2552	nwizhx2.exe	46
PID 2552 wrote to memory of 2580	2552	nwizhx2.exe	46
PID 2552 wrote to memory of 2580	2552	nwizhx2.exe	46
PID 2552 wrote to memory of 2180	2552	nwizhx2.exe	48
PID 2552 wrote to memory of 2180	2552	nwizhx2.exe	48
PID 2552 wrote to memory of 2180	2552	nwizhx2.exe	48
PID 2552 wrote to memory of 2180	2552	nwizhx2.exe	48
PID 2580 wrote to memory of 1720	2580	nwizhx2.exe	49
PID 2580 wrote to memory of 1720	2580	nwizhx2.exe	49
PID 2580 wrote to memory of 1720	2580	nwizhx2.exe	49
PID 2580 wrote to memory of 1720	2580	nwizhx2.exe	49
PID 2580 wrote to memory of 1252	2580	nwizhx2.exe	50
PID 2580 wrote to memory of 1252	2580	nwizhx2.exe	50
PID 2580 wrote to memory of 1252	2580	nwizhx2.exe	50
PID 2580 wrote to memory of 1252	2580	nwizhx2.exe	50

C:\Users\Admin\AppData\Local\Temp\4a84c507c29c5350b77be68a30f4fb20.exe
"C:\Users\Admin\AppData\Local\Temp\4a84c507c29c5350b77be68a30f4fb20.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\nwizhx2.exe
  C:\Windows\system32\nwizhx2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2060
- - C:\Windows\SysWOW64\nwizhx2.exe
    C:\Windows\system32\nwizhx2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Windows\SysWOW64\nwizhx2.exe
      C:\Windows\system32\nwizhx2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2672
    - - C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2168
      - C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2792
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2552
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2580
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1720
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2828
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2964
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2468
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:332
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1620
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:600
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2448
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1336
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2388
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:580
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1996
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1588
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1756
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1800
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1876
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2252
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1576
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1796
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2516
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2136
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1668
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1468
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2124
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        33⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1448
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        34⤵
        Executes dropped EXE
        
        PID:1960
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1544
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        36⤵
        Executes dropped EXE
        
        PID:2336
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        37⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1632
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        38⤵
        Executes dropped EXE
        
        PID:2696
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        39⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2884
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2560
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        41⤵
        Executes dropped EXE
        
        PID:2676
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        42⤵
        Executes dropped EXE
        
        PID:3000
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        43⤵
        Executes dropped EXE
        
        PID:1880
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2580
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        45⤵
        Executes dropped EXE
        
        PID:1524
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2840
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        47⤵
        Executes dropped EXE
        
        PID:2980
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1928
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        49⤵
        Executes dropped EXE
        
        PID:1896
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        50⤵
        Executes dropped EXE
        
        PID:1740
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        51⤵
        Executes dropped EXE
        
        PID:1192
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:536
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        53⤵
        Executes dropped EXE
        
        PID:712
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        54⤵
        Executes dropped EXE
        
        PID:2984
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:796
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        56⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1336
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        57⤵
        Executes dropped EXE
        
        PID:2056
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1680
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        59⤵
        Executes dropped EXE
        
        PID:2236
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        60⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1996
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1792
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1656
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        63⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1164
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        64⤵
        Executes dropped EXE
        
        PID:2380
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        65⤵
        Executes dropped EXE
        
        PID:1636
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        66⤵
        Drops file in System32 directory
        
        PID:768
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        67⤵
        
        PID:772
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        68⤵
        Drops file in System32 directory
        
        PID:1060
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        69⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        70⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        71⤵
        Drops file in System32 directory
        
        PID:344
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        72⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        73⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        74⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        75⤵
        Drops file in System32 directory
        
        PID:2284
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        76⤵
        Drops file in System32 directory
        
        PID:2668
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        77⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        78⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        79⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        80⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        81⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        82⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        83⤵
        Drops file in System32 directory
        
        PID:2032
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        84⤵
        Drops file in System32 directory
        
        PID:820
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        85⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        86⤵
        Drops file in System32 directory
        
        PID:2184
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        87⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        88⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        89⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        90⤵
        Drops file in System32 directory
        
        PID:1596
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        91⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        92⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        93⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        94⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        95⤵
        
        PID:876
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        96⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        97⤵
        Drops file in System32 directory
        
        PID:3028
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        98⤵
        Drops file in System32 directory
        
        PID:3036
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        99⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        100⤵
        Drops file in System32 directory
        
        PID:2020
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        101⤵
        Drops file in System32 directory
        
        PID:1628
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        102⤵
        Drops file in System32 directory
        
        PID:2488
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        103⤵
        Drops file in System32 directory
        
        PID:1712
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        104⤵
        Drops file in System32 directory
        
        PID:1500
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        105⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        106⤵
        Drops file in System32 directory
        
        PID:2896
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        107⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        108⤵
        Drops file in System32 directory
        
        PID:1432
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        109⤵
        Drops file in System32 directory
        
        PID:1796
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        110⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        111⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        112⤵
        Drops file in System32 directory
        
        PID:1668
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        113⤵
        Drops file in System32 directory
        
        PID:1468
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        114⤵
        Drops file in System32 directory
        
        PID:2124
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        115⤵
        Drops file in System32 directory
        
        PID:1920
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        116⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        117⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        118⤵
        Drops file in System32 directory
        
        PID:2688
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        119⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        120⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        121⤵
        Drops file in System32 directory
        
        PID:2672
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        122⤵
        Drops file in System32 directory
        
        PID:2576
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        123⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        124⤵
        Drops file in System32 directory
        
        PID:2588
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        125⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        126⤵
        Drops file in System32 directory
        
        PID:2580
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        127⤵
        Drops file in System32 directory
        
        PID:352
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        128⤵
        
        PID:356
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        129⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        130⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        131⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        132⤵
        Drops file in System32 directory
        
        PID:1600
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        133⤵
        Drops file in System32 directory
        
        PID:1192
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        134⤵
        Drops file in System32 directory
        
        PID:1648
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        135⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        136⤵
        Drops file in System32 directory
        
        PID:1244
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        137⤵
        Drops file in System32 directory
        
        PID:1240
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        138⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        139⤵
        Drops file in System32 directory
        
        PID:3040
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        140⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        141⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        142⤵
        Drops file in System32 directory
        
        PID:2248
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        143⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        143⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        142⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        141⤵
        
        PID:580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        140⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        139⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        138⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        137⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        136⤵
        
        PID:712
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        135⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        134⤵
        
        PID:576
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        133⤵
        
        PID:640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        132⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        131⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        130⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        129⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        128⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        127⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        126⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        125⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        124⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        123⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        122⤵
        
        PID:288
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        121⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        120⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        119⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        118⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        117⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        116⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        115⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        114⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        113⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        112⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        111⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        110⤵
        
        PID:376
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        109⤵
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        108⤵
        
        PID:792
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        107⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        106⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        105⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        104⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        103⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        102⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        101⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        100⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        99⤵
        
        PID:580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        98⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        97⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        96⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        95⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        94⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        93⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        92⤵
        
        PID:576
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        91⤵
        
        PID:640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        90⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        89⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        88⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        87⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        86⤵
        
        PID:1472
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        85⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        84⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        83⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        82⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        81⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        80⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        79⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        78⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        77⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        76⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        75⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        74⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        73⤵
        
        PID:892
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        72⤵
        
        PID:400
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        71⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        70⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        69⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        68⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        67⤵
        
        PID:328
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        66⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        65⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        64⤵
        
        PID:844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        63⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        62⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        61⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        60⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        59⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        58⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        57⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        56⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        55⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        54⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        53⤵
        
        PID:604
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        52⤵
        
        PID:268
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        51⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        50⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        49⤵
        
        PID:988
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        48⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        47⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        46⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        45⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        44⤵
        
        PID:820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        43⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        42⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        41⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        40⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        39⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        38⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        37⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        36⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        35⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        34⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        33⤵
        
        PID:892
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        32⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        31⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        30⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        29⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        28⤵
        
        PID:376
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        27⤵
        
        PID:1228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        26⤵
        
        PID:768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        25⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        24⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        23⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        22⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        21⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        20⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        19⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        18⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        17⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        16⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        15⤵
        
        PID:692
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        14⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        13⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        12⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        11⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        10⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        9⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        8⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        7⤵
        
        PID:2612
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        6⤵
        
        PID:2592
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        5⤵
        
        PID:2864
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
      4⤵
      PID:2884
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
    3⤵
    PID:2696
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\4a84c507c29c5350b77be68a30f4fb20.exe"
  2⤵
  - Deletes itself
  PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\nwizhx2.exe

Filesize
8KB

MD5
4a84c507c29c5350b77be68a30f4fb20

SHA1
c74f68bd3c457a64b024f26a724b03d8d446c985

SHA256
9c5a81fea1af416a3fd183aae7d6c7329e8448faa14bfc6371df9096ba97171e

SHA512
e9b08b285ee3cf4fb86f2cb740e635def0c94756410138061af30ca41fc8d739adb9ea4fd91ab9ea71a92d6716d282cd8beae94a926fb6f3c0eca75af5be6efa

Download Submit