9c5a81fea1af416a3fd183aae7d6c7329e8448faa14bfc6371df9096ba97171e

Analysis

max time kernel
161s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a84c507c29c5350b77be68a30f4fb20.exe
Size

8KB
MD5

4a84c507c29c5350b77be68a30f4fb20
SHA1

c74f68bd3c457a64b024f26a724b03d8d446c985
SHA256

9c5a81fea1af416a3fd183aae7d6c7329e8448faa14bfc6371df9096ba97171e
SHA512

e9b08b285ee3cf4fb86f2cb740e635def0c94756410138061af30ca41fc8d739adb9ea4fd91ab9ea71a92d6716d282cd8beae94a926fb6f3c0eca75af5be6efa
SSDEEP

192:HIl1+asQVKVpPAU5yp5ulK9hLTjeTlwy1TbKfpyap:HIlAa8jPAU0paK9V+iy9KByY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
920	nwizhx2.exe
3484	nwizhx2.exe
784	nwizhx2.exe
1980	nwizhx2.exe
1100	nwizhx2.exe
3712	nwizhx2.exe
4496	nwizhx2.exe
1416	nwizhx2.exe
4076	nwizhx2.exe
216	nwizhx2.exe
2724	nwizhx2.exe
3316	nwizhx2.exe
2004	nwizhx2.exe
3012	nwizhx2.exe
4988	nwizhx2.exe
2972	nwizhx2.exe
4600	nwizhx2.exe
4856	nwizhx2.exe
228	nwizhx2.exe
1836	nwizhx2.exe
4992	nwizhx2.exe
3236	nwizhx2.exe
2244	nwizhx2.exe
5048	nwizhx2.exe
3204	nwizhx2.exe
3728	nwizhx2.exe
1992	nwizhx2.exe
1268	nwizhx2.exe
4512	nwizhx2.exe
640	nwizhx2.exe
112	nwizhx2.exe
3844	nwizhx2.exe
2396	nwizhx2.exe
3184	nwizhx2.exe
1964	nwizhx2.exe
2852	nwizhx2.exe
4060	nwizhx2.exe
2420	nwizhx2.exe
1036	nwizhx2.exe
2672	nwizhx2.exe
4196	nwizhx2.exe
2496	nwizhx2.exe
3728	nwizhx2.exe
1084	nwizhx2.exe
4908	nwizhx2.exe
460	nwizhx2.exe
4988	nwizhx2.exe
2660	nwizhx2.exe
784	nwizhx2.exe
1804	nwizhx2.exe
2464	nwizhx2.exe
1020	nwizhx2.exe
3000	nwizhx2.exe
2168	nwizhx2.exe
2736	nwizhx2.exe
2312	nwizhx2.exe
3680	nwizhx2.exe
2496	nwizhx2.exe
2228	nwizhx2.exe
2432	nwizhx2.exe
2872	nwizhx2.exe
4428	nwizhx2.exe
2484	nwizhx2.exe
1752	nwizhx2.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	4a84c507c29c5350b77be68a30f4fb20.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe
File opened for modification	C:\Windows\SysWOW64\nwizhx2.exe	4a84c507c29c5350b77be68a30f4fb20.exe
File created	C:\Windows\SysWOW64\nwizhx2.exe	nwizhx2.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2072	4a84c507c29c5350b77be68a30f4fb20.exe
2072	4a84c507c29c5350b77be68a30f4fb20.exe
2072	4a84c507c29c5350b77be68a30f4fb20.exe
2072	4a84c507c29c5350b77be68a30f4fb20.exe
2072	4a84c507c29c5350b77be68a30f4fb20.exe
2072	4a84c507c29c5350b77be68a30f4fb20.exe
2072	4a84c507c29c5350b77be68a30f4fb20.exe
2072	4a84c507c29c5350b77be68a30f4fb20.exe
920	nwizhx2.exe
920	nwizhx2.exe
920	nwizhx2.exe
920	nwizhx2.exe
920	nwizhx2.exe
920	nwizhx2.exe
920	nwizhx2.exe
920	nwizhx2.exe
3484	nwizhx2.exe
3484	nwizhx2.exe
3484	nwizhx2.exe
3484	nwizhx2.exe
3484	nwizhx2.exe
3484	nwizhx2.exe
3484	nwizhx2.exe
3484	nwizhx2.exe
784	nwizhx2.exe
784	nwizhx2.exe
784	nwizhx2.exe
784	nwizhx2.exe
784	nwizhx2.exe
784	nwizhx2.exe
784	nwizhx2.exe
784	nwizhx2.exe
1980	nwizhx2.exe
1980	nwizhx2.exe
1980	nwizhx2.exe
1980	nwizhx2.exe
1980	nwizhx2.exe
1980	nwizhx2.exe
1980	nwizhx2.exe
1980	nwizhx2.exe
1100	nwizhx2.exe
1100	nwizhx2.exe
1100	nwizhx2.exe
1100	nwizhx2.exe
1100	nwizhx2.exe
1100	nwizhx2.exe
1100	nwizhx2.exe
1100	nwizhx2.exe
3712	nwizhx2.exe
3712	nwizhx2.exe
3712	nwizhx2.exe
3712	nwizhx2.exe
3712	nwizhx2.exe
3712	nwizhx2.exe
3712	nwizhx2.exe
3712	nwizhx2.exe
4496	nwizhx2.exe
4496	nwizhx2.exe
4496	nwizhx2.exe
4496	nwizhx2.exe
4496	nwizhx2.exe
4496	nwizhx2.exe
4496	nwizhx2.exe
4496	nwizhx2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 920	2072	4a84c507c29c5350b77be68a30f4fb20.exe	91
PID 2072 wrote to memory of 920	2072	4a84c507c29c5350b77be68a30f4fb20.exe	91
PID 2072 wrote to memory of 920	2072	4a84c507c29c5350b77be68a30f4fb20.exe	91
PID 2072 wrote to memory of 2480	2072	4a84c507c29c5350b77be68a30f4fb20.exe	92
PID 2072 wrote to memory of 2480	2072	4a84c507c29c5350b77be68a30f4fb20.exe	92
PID 2072 wrote to memory of 2480	2072	4a84c507c29c5350b77be68a30f4fb20.exe	92
PID 920 wrote to memory of 3484	920	nwizhx2.exe	94
PID 920 wrote to memory of 3484	920	nwizhx2.exe	94
PID 920 wrote to memory of 3484	920	nwizhx2.exe	94
PID 920 wrote to memory of 4832	920	nwizhx2.exe	95
PID 920 wrote to memory of 4832	920	nwizhx2.exe	95
PID 920 wrote to memory of 4832	920	nwizhx2.exe	95
PID 3484 wrote to memory of 784	3484	nwizhx2.exe	97
PID 3484 wrote to memory of 784	3484	nwizhx2.exe	97
PID 3484 wrote to memory of 784	3484	nwizhx2.exe	97
PID 3484 wrote to memory of 1484	3484	nwizhx2.exe	98
PID 3484 wrote to memory of 1484	3484	nwizhx2.exe	98
PID 3484 wrote to memory of 1484	3484	nwizhx2.exe	98
PID 784 wrote to memory of 1980	784	nwizhx2.exe	100
PID 784 wrote to memory of 1980	784	nwizhx2.exe	100
PID 784 wrote to memory of 1980	784	nwizhx2.exe	100
PID 784 wrote to memory of 4624	784	nwizhx2.exe	101
PID 784 wrote to memory of 4624	784	nwizhx2.exe	101
PID 784 wrote to memory of 4624	784	nwizhx2.exe	101
PID 1980 wrote to memory of 1100	1980	nwizhx2.exe	103
PID 1980 wrote to memory of 1100	1980	nwizhx2.exe	103
PID 1980 wrote to memory of 1100	1980	nwizhx2.exe	103
PID 1980 wrote to memory of 1144	1980	nwizhx2.exe	104
PID 1980 wrote to memory of 1144	1980	nwizhx2.exe	104
PID 1980 wrote to memory of 1144	1980	nwizhx2.exe	104
PID 1100 wrote to memory of 3712	1100	nwizhx2.exe	106
PID 1100 wrote to memory of 3712	1100	nwizhx2.exe	106
PID 1100 wrote to memory of 3712	1100	nwizhx2.exe	106
PID 1100 wrote to memory of 3548	1100	nwizhx2.exe	107
PID 1100 wrote to memory of 3548	1100	nwizhx2.exe	107
PID 1100 wrote to memory of 3548	1100	nwizhx2.exe	107
PID 3712 wrote to memory of 4496	3712	nwizhx2.exe	110
PID 3712 wrote to memory of 4496	3712	nwizhx2.exe	110
PID 3712 wrote to memory of 4496	3712	nwizhx2.exe	110
PID 3712 wrote to memory of 2556	3712	nwizhx2.exe	111
PID 3712 wrote to memory of 2556	3712	nwizhx2.exe	111
PID 3712 wrote to memory of 2556	3712	nwizhx2.exe	111
PID 4496 wrote to memory of 1416	4496	nwizhx2.exe	113
PID 4496 wrote to memory of 1416	4496	nwizhx2.exe	113
PID 4496 wrote to memory of 1416	4496	nwizhx2.exe	113
PID 4496 wrote to memory of 2948	4496	nwizhx2.exe	115
PID 4496 wrote to memory of 2948	4496	nwizhx2.exe	115
PID 4496 wrote to memory of 2948	4496	nwizhx2.exe	115
PID 1416 wrote to memory of 4076	1416	nwizhx2.exe	117
PID 1416 wrote to memory of 4076	1416	nwizhx2.exe	117
PID 1416 wrote to memory of 4076	1416	nwizhx2.exe	117
PID 1416 wrote to memory of 3432	1416	nwizhx2.exe	118
PID 1416 wrote to memory of 3432	1416	nwizhx2.exe	118
PID 1416 wrote to memory of 3432	1416	nwizhx2.exe	118
PID 4076 wrote to memory of 216	4076	nwizhx2.exe	120
PID 4076 wrote to memory of 216	4076	nwizhx2.exe	120
PID 4076 wrote to memory of 216	4076	nwizhx2.exe	120
PID 4076 wrote to memory of 736	4076	nwizhx2.exe	121
PID 4076 wrote to memory of 736	4076	nwizhx2.exe	121
PID 4076 wrote to memory of 736	4076	nwizhx2.exe	121
PID 216 wrote to memory of 2724	216	nwizhx2.exe	123
PID 216 wrote to memory of 2724	216	nwizhx2.exe	123
PID 216 wrote to memory of 2724	216	nwizhx2.exe	123
PID 216 wrote to memory of 1084	216	nwizhx2.exe	124

C:\Users\Admin\AppData\Local\Temp\4a84c507c29c5350b77be68a30f4fb20.exe
"C:\Users\Admin\AppData\Local\Temp\4a84c507c29c5350b77be68a30f4fb20.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\nwizhx2.exe
  C:\Windows\system32\nwizhx2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:920
- - C:\Windows\SysWOW64\nwizhx2.exe
    C:\Windows\system32\nwizhx2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3484
  - - C:\Windows\SysWOW64\nwizhx2.exe
      C:\Windows\system32\nwizhx2.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:784
    - - C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1980
      - C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1100
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3712
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        8⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4496
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1416
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4076
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:216
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2724
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        13⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3316
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2004
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        15⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3012
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        16⤵
        Executes dropped EXE
        
        PID:4988
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        17⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2972
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        18⤵
        Executes dropped EXE
        
        PID:4600
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4856
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:228
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        21⤵
        Executes dropped EXE
        
        PID:1836
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4992
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3236
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        24⤵
        Executes dropped EXE
        
        PID:2244
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        25⤵
        Executes dropped EXE
        
        PID:5048
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        26⤵
        Executes dropped EXE
        
        PID:3204
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        27⤵
        Executes dropped EXE
        
        PID:3728
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        28⤵
        Executes dropped EXE
        
        PID:1992
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        29⤵
        Executes dropped EXE
        
        PID:1268
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        30⤵
        Executes dropped EXE
        
        PID:4512
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        31⤵
        Executes dropped EXE
        
        PID:640
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:112
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        33⤵
        Executes dropped EXE
        
        PID:3844
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2396
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3184
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        36⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1964
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        37⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2852
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4060
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        39⤵
        Executes dropped EXE
        
        PID:2420
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1036
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        41⤵
        Executes dropped EXE
        
        PID:2672
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        42⤵
        Executes dropped EXE
        
        PID:4196
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2496
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3728
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        45⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1084
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        46⤵
        Executes dropped EXE
        
        PID:4908
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        47⤵
        Executes dropped EXE
        
        PID:460
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        48⤵
        Executes dropped EXE
        
        PID:4988
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        49⤵
        Executes dropped EXE
        
        PID:2660
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        50⤵
        Executes dropped EXE
        
        PID:784
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        51⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1804
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2464
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        53⤵
        Executes dropped EXE
        
        PID:1020
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3000
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2168
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        56⤵
        Executes dropped EXE
        
        PID:2736
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        57⤵
        Executes dropped EXE
        
        PID:2312
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3680
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2496
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        60⤵
        Executes dropped EXE
        
        PID:2228
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2432
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        62⤵
        Executes dropped EXE
        
        PID:2872
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        63⤵
        Executes dropped EXE
        
        PID:4428
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2484
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1752
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        66⤵
        Drops file in System32 directory
        
        PID:1420
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        67⤵
        Drops file in System32 directory
        
        PID:4504
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        68⤵
        Drops file in System32 directory
        
        PID:2908
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        69⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        70⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        71⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        72⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        73⤵
        Drops file in System32 directory
        
        PID:2332
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        74⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        75⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        76⤵
        Drops file in System32 directory
        
        PID:4592
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        77⤵
        Drops file in System32 directory
        
        PID:1044
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        78⤵
        Drops file in System32 directory
        
        PID:4084
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        79⤵
        Drops file in System32 directory
        
        PID:2064
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        80⤵
        Drops file in System32 directory
        
        PID:2348
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        81⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        82⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        83⤵
        Drops file in System32 directory
        
        PID:1604
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        84⤵
        Drops file in System32 directory
        
        PID:2000
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        85⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        86⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        87⤵
        Drops file in System32 directory
        
        PID:3148
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        88⤵
        Drops file in System32 directory
        
        PID:1180
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        89⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        90⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        91⤵
        Drops file in System32 directory
        
        PID:416
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        92⤵
        Drops file in System32 directory
        
        PID:1120
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        93⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        94⤵
        Drops file in System32 directory
        
        PID:2892
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        95⤵
        Drops file in System32 directory
        
        PID:824
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        96⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        97⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        98⤵
        Drops file in System32 directory
        
        PID:4988
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        99⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        100⤵
        Drops file in System32 directory
        
        PID:1396
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        101⤵
        Drops file in System32 directory
        
        PID:4556
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        102⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        103⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        104⤵
        Drops file in System32 directory
        
        PID:1500
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        105⤵
        
        PID:1180
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        106⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        107⤵
        Drops file in System32 directory
        
        PID:3256
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        108⤵
        Drops file in System32 directory
        
        PID:2396
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        109⤵
        
        PID:460
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        110⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        111⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        112⤵
        Drops file in System32 directory
        
        PID:4164
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        113⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        114⤵
        Drops file in System32 directory
        
        PID:1100
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        115⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        116⤵
        Drops file in System32 directory
        
        PID:1584
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        117⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        118⤵
        Drops file in System32 directory
        
        PID:1572
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        119⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        120⤵
        Drops file in System32 directory
        
        PID:3508
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        121⤵
        Drops file in System32 directory
        
        PID:3036
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        122⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        123⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        124⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        125⤵
        Drops file in System32 directory
        
        PID:3696
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        126⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        127⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\nwizhx2.exe
        
        C:\Windows\system32\nwizhx2.exe
        128⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        128⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        127⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        126⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        125⤵
        
        PID:8
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        124⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        123⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        122⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        121⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        120⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        119⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        118⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        117⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        116⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        115⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        114⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        113⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        112⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        111⤵
        
        PID:540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        110⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        109⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        108⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        107⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        106⤵
        
        PID:560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        105⤵
        
        PID:736
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        104⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        103⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        102⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        101⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        100⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        99⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        98⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        97⤵
        
        PID:460
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        96⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        95⤵
        
        PID:224
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        94⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        93⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        92⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        91⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        90⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        89⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        88⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        87⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        86⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        85⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        84⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        83⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        82⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        81⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        80⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        79⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        78⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        77⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        76⤵
        
        PID:824
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        75⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        74⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        73⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        72⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        71⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        70⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        69⤵
        
        PID:680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        68⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        67⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        66⤵
        
        PID:784
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        65⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        64⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        63⤵
        
        PID:460
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        62⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        61⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        60⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        59⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        58⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        57⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        56⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        55⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        54⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        53⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        52⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        51⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        50⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        49⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        48⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        47⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        46⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        45⤵
        
        PID:848
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        44⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        43⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        42⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        41⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        40⤵
        
        PID:680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        39⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        38⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        37⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        36⤵
        
        PID:784
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        35⤵
        
        PID:1176
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        34⤵
        
        PID:408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        33⤵
        
        PID:812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        32⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        31⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        30⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        29⤵
        
        PID:560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        28⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        27⤵
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        26⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        25⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        24⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        23⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        22⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        21⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        20⤵
        
        PID:232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        19⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        18⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        17⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        16⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        15⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        14⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        13⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        12⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        11⤵
        
        PID:736
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        10⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        9⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        8⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        7⤵
        
        PID:3548
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        6⤵
        
        PID:1144
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
        5⤵
        
        PID:4624
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
      4⤵
      PID:1484
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del "C:\Windows\SysWOW64\nwizhx2.exe"
    3⤵
    PID:4832
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\4a84c507c29c5350b77be68a30f4fb20.exe"
  2⤵
  PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\nwizhx2.exe

Filesize
8KB

MD5
4a84c507c29c5350b77be68a30f4fb20

SHA1
c74f68bd3c457a64b024f26a724b03d8d446c985

SHA256
9c5a81fea1af416a3fd183aae7d6c7329e8448faa14bfc6371df9096ba97171e

SHA512
e9b08b285ee3cf4fb86f2cb740e635def0c94756410138061af30ca41fc8d739adb9ea4fd91ab9ea71a92d6716d282cd8beae94a926fb6f3c0eca75af5be6efa

Download Submit