14169e8f97adf6693fadd5f732dc445c7b59f8683c7938b3bd66fd21aa5f976b

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 10:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8a9717cb31f53b2ddeb8fc70dfb6dd16.exe
Size

228KB
MD5

8a9717cb31f53b2ddeb8fc70dfb6dd16
SHA1

e449fcf67400d8d3c7df7341815cd11f1c487602
SHA256

14169e8f97adf6693fadd5f732dc445c7b59f8683c7938b3bd66fd21aa5f976b
SHA512

db5528713b869ae27cfa9eebdda4caafbdfcada3a8423b01d44e8b4126af9048cae7634a58a9571b40f1eb3bf93e3cfb6ebd6ce7ce4fa6fbfa9466a19fd450ce
SSDEEP

6144:c2ZpDuIqCHE28LuU4SDOZ+5H88EZeeSzbjnNu91RrqI/:cCDuxamSUDO4HfEZeeSLnA91

Score

10^/10

defense_evasion discovery persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	fuuuwu.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	JaffaCakes118_8a9717cb31f53b2ddeb8fc70dfb6dd16.exe

Executes dropped EXE 64 IoCs

pid	Process
4664	fuuuwu.exe
2120	fuuuwu.exe
3564	fuuuwu.exe
944	fuuuwu.exe
1056	fuuuwu.exe
3532	fuuuwu.exe
1184	fuuuwu.exe
2896	fuuuwu.exe
1556	fuuuwu.exe
5464	fuuuwu.exe
4572	fuuuwu.exe
3920	fuuuwu.exe
5472	fuuuwu.exe
6000	fuuuwu.exe
3052	fuuuwu.exe
3064	fuuuwu.exe
844	fuuuwu.exe
4436	fuuuwu.exe
2508	fuuuwu.exe
3320	fuuuwu.exe
4976	fuuuwu.exe
4916	fuuuwu.exe
6092	fuuuwu.exe
5968	fuuuwu.exe
2228	fuuuwu.exe
692	fuuuwu.exe
1212	fuuuwu.exe
3628	fuuuwu.exe
3528	fuuuwu.exe
2716	fuuuwu.exe
2564	fuuuwu.exe
1556	fuuuwu.exe
5464	fuuuwu.exe
2984	fuuuwu.exe
3512	fuuuwu.exe
1980	fuuuwu.exe
1248	fuuuwu.exe
2104	fuuuwu.exe
2056	fuuuwu.exe
4104	fuuuwu.exe
4712	fuuuwu.exe
768	fuuuwu.exe
5852	fuuuwu.exe
4940	fuuuwu.exe
708	fuuuwu.exe
1032	fuuuwu.exe
1004	fuuuwu.exe
3528	fuuuwu.exe
1428	fuuuwu.exe
5396	fuuuwu.exe
4564	fuuuwu.exe
3940	fuuuwu.exe
456	fuuuwu.exe
2316	fuuuwu.exe
3396	fuuuwu.exe
3324	fuuuwu.exe
5304	fuuuwu.exe
5312	fuuuwu.exe
5180	fuuuwu.exe
1088	fuuuwu.exe
4640	fuuuwu.exe
2196	fuuuwu.exe
1596	fuuuwu.exe
4772	fuuuwu.exe

Adds Run key to start application 2 TTPs 52 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /c"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /J"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /t"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /R"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /d"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /A"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /b"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /E"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /l"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /z"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /X"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /u"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /f"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /C"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /Y"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /s"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /D"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /S"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /Z"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /k"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /r"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /M"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /o"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /P"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /W"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /y"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /O"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /g"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /Q"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /e"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /T"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /G"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /a"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /I"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /K"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /B"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /U"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /m"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /h"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /q"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /v"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /N"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /L"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /w"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /H"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /n"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /p"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /F"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /i"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /j"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /V"	fuuuwu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fuuuwu = "C:\\Users\\Admin\\fuuuwu.exe /x"	fuuuwu.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8a9717cb31f53b2ddeb8fc70dfb6dd16.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fuuuwu.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe
4664	fuuuwu.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5976	JaffaCakes118_8a9717cb31f53b2ddeb8fc70dfb6dd16.exe
4664	fuuuwu.exe
2120	fuuuwu.exe
3564	fuuuwu.exe
944	fuuuwu.exe
1056	fuuuwu.exe
3532	fuuuwu.exe
1184	fuuuwu.exe
2896	fuuuwu.exe
1556	fuuuwu.exe
5464	fuuuwu.exe
4572	fuuuwu.exe
3920	fuuuwu.exe
5472	fuuuwu.exe
6000	fuuuwu.exe
3052	fuuuwu.exe
3064	fuuuwu.exe
844	fuuuwu.exe
4436	fuuuwu.exe
2508	fuuuwu.exe
3320	fuuuwu.exe
4976	fuuuwu.exe
4916	fuuuwu.exe
6092	fuuuwu.exe
5968	fuuuwu.exe
2228	fuuuwu.exe
692	fuuuwu.exe
1212	fuuuwu.exe
3628	fuuuwu.exe
3528	fuuuwu.exe
2716	fuuuwu.exe
2564	fuuuwu.exe
1556	fuuuwu.exe
5464	fuuuwu.exe
2984	fuuuwu.exe
3512	fuuuwu.exe
1980	fuuuwu.exe
1248	fuuuwu.exe
2104	fuuuwu.exe
2056	fuuuwu.exe
4104	fuuuwu.exe
4712	fuuuwu.exe
768	fuuuwu.exe
5852	fuuuwu.exe
4940	fuuuwu.exe
708	fuuuwu.exe
1032	fuuuwu.exe
1004	fuuuwu.exe
3528	fuuuwu.exe
1428	fuuuwu.exe
5396	fuuuwu.exe
4564	fuuuwu.exe
3940	fuuuwu.exe
456	fuuuwu.exe
2316	fuuuwu.exe
3396	fuuuwu.exe
3324	fuuuwu.exe
5304	fuuuwu.exe
5312	fuuuwu.exe
5180	fuuuwu.exe
1088	fuuuwu.exe
4640	fuuuwu.exe
2196	fuuuwu.exe
1596	fuuuwu.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5976 wrote to memory of 4664	5976	JaffaCakes118_8a9717cb31f53b2ddeb8fc70dfb6dd16.exe	90
PID 5976 wrote to memory of 4664	5976	JaffaCakes118_8a9717cb31f53b2ddeb8fc70dfb6dd16.exe	90
PID 5976 wrote to memory of 4664	5976	JaffaCakes118_8a9717cb31f53b2ddeb8fc70dfb6dd16.exe	90
PID 4928 wrote to memory of 2120	4928	cmd.exe	97
PID 4928 wrote to memory of 2120	4928	cmd.exe	97
PID 4928 wrote to memory of 2120	4928	cmd.exe	97
PID 3576 wrote to memory of 3564	3576	cmd.exe	100
PID 3576 wrote to memory of 3564	3576	cmd.exe	100
PID 3576 wrote to memory of 3564	3576	cmd.exe	100
PID 5764 wrote to memory of 944	5764	cmd.exe	104
PID 5764 wrote to memory of 944	5764	cmd.exe	104
PID 5764 wrote to memory of 944	5764	cmd.exe	104
PID 5344 wrote to memory of 1056	5344	cmd.exe	107
PID 5344 wrote to memory of 1056	5344	cmd.exe	107
PID 5344 wrote to memory of 1056	5344	cmd.exe	107
PID 6100 wrote to memory of 3532	6100	cmd.exe	110
PID 6100 wrote to memory of 3532	6100	cmd.exe	110
PID 6100 wrote to memory of 3532	6100	cmd.exe	110
PID 4460 wrote to memory of 1184	4460	cmd.exe	113
PID 4460 wrote to memory of 1184	4460	cmd.exe	113
PID 4460 wrote to memory of 1184	4460	cmd.exe	113
PID 5484 wrote to memory of 2896	5484	cmd.exe	116
PID 5484 wrote to memory of 2896	5484	cmd.exe	116
PID 5484 wrote to memory of 2896	5484	cmd.exe	116
PID 5184 wrote to memory of 1556	5184	cmd.exe	121
PID 5184 wrote to memory of 1556	5184	cmd.exe	121
PID 5184 wrote to memory of 1556	5184	cmd.exe	121
PID 3592 wrote to memory of 5464	3592	cmd.exe	124
PID 3592 wrote to memory of 5464	3592	cmd.exe	124
PID 3592 wrote to memory of 5464	3592	cmd.exe	124
PID 4376 wrote to memory of 4572	4376	cmd.exe	127
PID 4376 wrote to memory of 4572	4376	cmd.exe	127
PID 4376 wrote to memory of 4572	4376	cmd.exe	127
PID 5440 wrote to memory of 3920	5440	cmd.exe	130
PID 5440 wrote to memory of 3920	5440	cmd.exe	130
PID 5440 wrote to memory of 3920	5440	cmd.exe	130
PID 5884 wrote to memory of 5472	5884	cmd.exe	133
PID 5884 wrote to memory of 5472	5884	cmd.exe	133
PID 5884 wrote to memory of 5472	5884	cmd.exe	133
PID 5684 wrote to memory of 6000	5684	cmd.exe	136
PID 5684 wrote to memory of 6000	5684	cmd.exe	136
PID 5684 wrote to memory of 6000	5684	cmd.exe	136
PID 1108 wrote to memory of 3052	1108	cmd.exe	139
PID 1108 wrote to memory of 3052	1108	cmd.exe	139
PID 1108 wrote to memory of 3052	1108	cmd.exe	139
PID 4516 wrote to memory of 3064	4516	cmd.exe	142
PID 4516 wrote to memory of 3064	4516	cmd.exe	142
PID 4516 wrote to memory of 3064	4516	cmd.exe	142
PID 4640 wrote to memory of 844	4640	cmd.exe	145
PID 4640 wrote to memory of 844	4640	cmd.exe	145
PID 4640 wrote to memory of 844	4640	cmd.exe	145
PID 5276 wrote to memory of 4436	5276	cmd.exe	148
PID 5276 wrote to memory of 4436	5276	cmd.exe	148
PID 5276 wrote to memory of 4436	5276	cmd.exe	148
PID 2452 wrote to memory of 2508	2452	cmd.exe	151
PID 2452 wrote to memory of 2508	2452	cmd.exe	151
PID 2452 wrote to memory of 2508	2452	cmd.exe	151
PID 224 wrote to memory of 3320	224	cmd.exe	154
PID 224 wrote to memory of 3320	224	cmd.exe	154
PID 224 wrote to memory of 3320	224	cmd.exe	154
PID 4716 wrote to memory of 4976	4716	cmd.exe	157
PID 4716 wrote to memory of 4976	4716	cmd.exe	157
PID 4716 wrote to memory of 4976	4716	cmd.exe	157
PID 4768 wrote to memory of 4916	4768	cmd.exe	160

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a9717cb31f53b2ddeb8fc70dfb6dd16.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a9717cb31f53b2ddeb8fc70dfb6dd16.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5976
- C:\Users\Admin\fuuuwu.exe
  "C:\Users\Admin\fuuuwu.exe"
  2⤵
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4664

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /T
1⤵
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /T
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2120

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /G
1⤵
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /G
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /L
1⤵
- Suspicious use of WriteProcessMemory
PID:5764
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /L
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /B
1⤵
- Suspicious use of WriteProcessMemory
PID:5344
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /B
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /U
1⤵
- Suspicious use of WriteProcessMemory
PID:6100
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /U
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /w
1⤵
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /w
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1184

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /H
1⤵
- Suspicious use of WriteProcessMemory
PID:5484
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /H
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /O
1⤵
- Suspicious use of WriteProcessMemory
PID:5184
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /O
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Y
1⤵
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Y
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /n
1⤵
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /n
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4572

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /s
1⤵
- Suspicious use of WriteProcessMemory
PID:5440
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /s
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /b
1⤵
- Suspicious use of WriteProcessMemory
PID:5884
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /b
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /U
1⤵
- Suspicious use of WriteProcessMemory
PID:5684
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /U
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /m
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /m
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /r
1⤵
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /r
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /h
1⤵
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /h
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /D
1⤵
- Suspicious use of WriteProcessMemory
PID:5276
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /D
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /V
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /V
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /q
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /q
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3320

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /G
1⤵
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /G
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /S
1⤵
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /S
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /p
1⤵
PID:5828
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /p
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6092

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /s
1⤵
PID:5744
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /s
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /n
1⤵
PID:5116
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /n
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /g
1⤵
PID:3576
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /g
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /T
1⤵
PID:6032
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /T
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1212

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /a
1⤵
PID:2100
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /a
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3628

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Z
1⤵
PID:4480
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Z
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /E
1⤵
PID:4348
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /E
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2716

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /F
1⤵
PID:2160
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /F
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /C
1⤵
PID:5960
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /C
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /m
1⤵
PID:1548
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /m
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /K
1⤵
PID:948
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /K
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2984

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /M
1⤵
PID:2940
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /M
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3512

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /I
1⤵
PID:820
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /I
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /H
1⤵
PID:6120
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /H
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /v
1⤵
PID:4892
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /l
1⤵
PID:4788
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /l
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /O
1⤵
PID:2992
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /O
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /n
1⤵
PID:5308
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /n
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4712

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /O
1⤵
PID:5932
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /O
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:768

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /x
1⤵
PID:4352
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /x
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5852

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /v
1⤵
PID:4732
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /v
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /N
1⤵
PID:1908
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /N
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Q
1⤵
PID:3540
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Q
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1032

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Q
1⤵
PID:2044
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Q
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Y
1⤵
PID:6124
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Y
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /e
1⤵
PID:4480
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /e
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /i
1⤵
PID:4348
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /i
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /G
1⤵
PID:2160
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /G
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /o
1⤵
PID:5960
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /o
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /m
1⤵
PID:3856
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /m
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /I
1⤵
PID:5460
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /I
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /s
1⤵
PID:752
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /s
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /x
1⤵
PID:5784
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /x
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3324

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Q
1⤵
PID:112
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Q
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /l
1⤵
PID:5856
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /l
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5312

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /P
1⤵
PID:3484
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /P
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5180

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /w
1⤵
PID:5292
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /w
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /L
1⤵
PID:4912
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /L
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /g
1⤵
PID:4552
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /g
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /W
1⤵
PID:1176
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /W
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /c
1⤵
PID:4060
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /c
  2⤵
  - Executes dropped EXE
  PID:4772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /j
1⤵
PID:4604
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /j
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5204

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /c
1⤵
PID:2120
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /c
  2⤵
  PID:3580

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /v
1⤵
PID:5744
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /v
  2⤵
  PID:3620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /G
1⤵
PID:2188
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /G
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5612

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /j
1⤵
PID:3048
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /j
  2⤵
  PID:2064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /D
1⤵
PID:5676
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /D
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /O
1⤵
PID:3816
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /O
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /D
1⤵
PID:2996
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /D
  2⤵
  PID:3036

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /e
1⤵
PID:5112
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /e
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /W
1⤵
PID:596
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /W
  2⤵
  PID:5124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /k
1⤵
PID:3276
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /k
  2⤵
  PID:4800

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /y
1⤵
PID:5960
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4416

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /E
1⤵
PID:1160
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /E
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /c
1⤵
PID:3512
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /c
  2⤵
  PID:3404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /s
1⤵
PID:1844
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /s
  2⤵
  PID:6120

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /k
1⤵
PID:3444
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /k
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /b
1⤵
PID:1972
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /b
  2⤵
  PID:1284

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /B
1⤵
PID:4088
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /B
  2⤵
  PID:4324

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /C
1⤵
PID:5012
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /C
  2⤵
  PID:5272

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /o
1⤵
PID:1584
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /o
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /C
1⤵
PID:1936
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /C
  2⤵
  PID:3436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /p
1⤵
PID:840
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /p
  2⤵
  PID:4772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /G
1⤵
PID:4168
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /G
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /J
1⤵
PID:2412
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /J
  2⤵
  PID:2228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /q
1⤵
PID:5720
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /q
  2⤵
  PID:5924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /J
1⤵
PID:3540
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /J
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /D
1⤵
PID:4808
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /D
  2⤵
  PID:3884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /t
1⤵
PID:4868
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /t
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /I
1⤵
PID:2492
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /I
  2⤵
  PID:4756

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /K
1⤵
PID:3220
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /K
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /F
1⤵
PID:1988
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /F
  2⤵
  PID:2996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /S
1⤵
PID:3268
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /S
  2⤵
  PID:5284

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /z
1⤵
PID:4564
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /z
  2⤵
  PID:5464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /o
1⤵
PID:3592
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /o
  2⤵
  PID:4068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /M
1⤵
PID:1548
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /M
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /l
1⤵
PID:5440
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /l
  2⤵
  PID:4528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /h
1⤵
PID:3324
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /h
  2⤵
  PID:1292

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /M
1⤵
PID:3652
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /M
  2⤵
  PID:3424

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /X
1⤵
PID:1464
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /X
  2⤵
  PID:3304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /i
1⤵
PID:3576
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /i
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4656

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /u
1⤵
PID:6096
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /u
  2⤵
  PID:3844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /c
1⤵
PID:5304
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /c
  2⤵
  PID:4104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /V
1⤵
PID:844
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /V
  2⤵
  PID:532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /x
1⤵
PID:4596
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /x
  2⤵
  PID:448

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /D
1⤵
PID:3932
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /D
  2⤵
  PID:1596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /G
1⤵
PID:4504
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /G
  2⤵
  PID:1176

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /q
1⤵
PID:2088
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /q
  2⤵
  PID:4184

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /c
1⤵
PID:4224
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /c
  2⤵
  PID:708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /V
1⤵
PID:788
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /V
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5164

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /M
1⤵
PID:5264
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /M
  2⤵
  PID:3764

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Z
1⤵
PID:5720
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Z
  2⤵
  PID:4956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /U
1⤵
PID:2756
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /U
  2⤵
  PID:4688

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /S
1⤵
PID:2188
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /S
  2⤵
  PID:5704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Y
1⤵
PID:3048
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Y
  2⤵
  PID:4388

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /G
1⤵
PID:4584
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /G
  2⤵
  PID:5672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /l
1⤵
PID:2008
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /l
  2⤵
  PID:2988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /b
1⤵
PID:1356
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /b
  2⤵
  PID:2624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /M
1⤵
PID:3044
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /M
  2⤵
  PID:2152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /r
1⤵
PID:1848
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /r
  2⤵
  PID:4080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /f
1⤵
PID:5200
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /t
1⤵
PID:4068
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /t
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /m
1⤵
PID:1996
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /m
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6136

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /u
1⤵
PID:5972
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /u
  2⤵
  PID:2640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /h
1⤵
PID:5472
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /h
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /r
1⤵
PID:1248
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /r
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5588

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /T
1⤵
PID:2240
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /T
  2⤵
  PID:4692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /R
1⤵
PID:692
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /R
  2⤵
  PID:648

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Q
1⤵
PID:2616
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Q
  2⤵
  PID:3844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /o
1⤵
PID:1284
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /o
  2⤵
  PID:2568

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /d
1⤵
PID:4668
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /d
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3096

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /m
1⤵
PID:748
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /m
  2⤵
  PID:2104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /e
1⤵
PID:4892
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /e
  2⤵
  PID:5188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /V
1⤵
PID:1764
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /V
  2⤵
  PID:232

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /y
1⤵
PID:4544
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /y
  2⤵
  PID:1616

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /y
1⤵
PID:4320
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /y
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /F
1⤵
PID:1800
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /F
  2⤵
  PID:4772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /f
1⤵
PID:2508
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /f
  2⤵
  PID:2828

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /P
1⤵
PID:3912
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /P
  2⤵
  PID:5084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /p
1⤵
PID:2980
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /p
  2⤵
  PID:2228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /R
1⤵
PID:3752
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /R
  2⤵
  PID:2796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /I
1⤵
PID:5264
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /I
  2⤵
  PID:8

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /V
1⤵
PID:5720
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /V
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /q
1⤵
PID:2756
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /q
  2⤵
  PID:1468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /t
1⤵
PID:224
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /t
  2⤵
  PID:1188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /R
1⤵
PID:5148
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /R
  2⤵
  PID:5208

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /L
1⤵
PID:5676
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /L
  2⤵
  PID:2996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /A
1⤵
PID:6100
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /A
  2⤵
  PID:4460

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /F
1⤵
PID:4480
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /F
  2⤵
  PID:596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /E
1⤵
PID:5740
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /E
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5184

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /F
1⤵
PID:32
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /F
  2⤵
  PID:2160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /e
1⤵
PID:948
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /e
  2⤵
  PID:4416

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /u
1⤵
PID:664
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /u
  2⤵
  PID:5052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /z
1⤵
PID:2928
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /z
  2⤵
  PID:5488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /z
1⤵
PID:2700
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /z
  2⤵
  - System Location Discovery: System Language Discovery
  PID:848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /B
1⤵
PID:5812
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /B
  2⤵
  PID:4132

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /w
1⤵
PID:1248
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /w
  2⤵
  PID:3992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Q
1⤵
PID:2240
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Q
  2⤵
  PID:2528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Q
1⤵
PID:692
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Q
  2⤵
  PID:1744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /l
1⤵
PID:2616
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /l
  2⤵
  PID:1128

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /P
1⤵
PID:3484
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /P
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /T
1⤵
PID:4668
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /T
  2⤵
  PID:5376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /T
1⤵
PID:748
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /T
  2⤵
  PID:4580

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /E
1⤵
PID:2244
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /E
  2⤵
  PID:5008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /k
1⤵
PID:232
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /k
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /L
1⤵
PID:4468
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /L
  2⤵
  PID:4544

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /r
1⤵
PID:3488
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /r
  2⤵
  PID:4320

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /l
1⤵
PID:4612
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /l
  2⤵
  PID:2096

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /A
1⤵
PID:4940
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /A
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /k
1⤵
PID:3244
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /k
  2⤵
  PID:3912

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /L
1⤵
PID:2060
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /L
  2⤵
  PID:2980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /f
1⤵
PID:5412
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /f
  2⤵
  PID:3752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /X
1⤵
PID:4180
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /X
  2⤵
  PID:5264

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /N
1⤵
PID:1180
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /N
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /L
1⤵
PID:1092
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /L
  2⤵
  PID:2756

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /x
1⤵
PID:5684
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /x
  2⤵
  PID:224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /k
1⤵
PID:1852
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /k
  2⤵
  PID:5148

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Q
1⤵
PID:3220
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Q
  2⤵
  PID:4584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /c
1⤵
PID:2816
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /c
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6100

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /K
1⤵
PID:4864
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /K
  2⤵
  PID:2152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /s
1⤵
PID:2112
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /s
  2⤵
  PID:780

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /H
1⤵
PID:1600
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /H
  2⤵
  PID:3760

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /w
1⤵
PID:1160
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /w
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /h
1⤵
PID:3168
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /h
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1548

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Z
1⤵
PID:4680
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Z
  2⤵
  PID:5440

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /S
1⤵
PID:4496
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /S
  2⤵
  PID:2936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /c
1⤵
PID:1496
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /c
  2⤵
  PID:4132

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /G
1⤵
PID:5596
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /G
  2⤵
  PID:3992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /J
1⤵
PID:2708
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /J
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /f
1⤵
PID:316
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /g
1⤵
PID:5180
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /g
  2⤵
  PID:4004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /s
1⤵
PID:5292
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /s
  2⤵
  PID:4516

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /M
1⤵
PID:2964
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /M
  2⤵
  PID:5376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /k
1⤵
PID:3140
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /k
  2⤵
  PID:6060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /v
1⤵
PID:608
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /v
  2⤵
  PID:2560

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Y
1⤵
PID:5312
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Y
  2⤵
  PID:2664

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /H
1⤵
PID:5272
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /H
  2⤵
  PID:5276

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /c
1⤵
PID:1084
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /c
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /h
1⤵
PID:4780
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /h
  2⤵
  PID:5288

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /T
1⤵
PID:4168
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /T
  2⤵
  PID:4940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /L
1⤵
PID:3912
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /L
  2⤵
  PID:1888

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /Z
1⤵
PID:4820
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /Z
  2⤵
  PID:2796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /G
1⤵
PID:5924
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /G
  2⤵
  PID:3540

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /G
1⤵
PID:440
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /G
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /a
1⤵
PID:4832
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /a
  2⤵
  PID:1736

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /U
1⤵
PID:3788
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /U
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /i
1⤵
PID:6032
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /i
  2⤵
  PID:1188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /G
1⤵
PID:2900
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /G
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2908

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /a
1⤵
PID:5284
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /a
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /d
1⤵
PID:4968
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /d
  2⤵
  PID:4460

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /u
1⤵
PID:4480
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /u
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4864

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /X
1⤵
PID:4800
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /X
  2⤵
  PID:2112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\fuuuwu.exe /e
1⤵
PID:3308
- C:\Users\Admin\fuuuwu.exe
  C:\Users\Admin\fuuuwu.exe /e
  2⤵
  PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\fuuuwu.exe

Filesize
228KB

MD5
8d3610c7e2e2143bb58340c114eab90f

SHA1
fec71f6117c5749d809e411ebba16a11167d4e49

SHA256
cc61a544b27aec7b4630c0dfbab9da90ef59d0afa7d85d15b0cc51f1b568f47b

SHA512
b30fbfd9d3c816b75defaae440c1585bc5589f55c4fa6e0db5dfed835ac2356f620d05a2bdb080e1aa81d1f930e30393b544c07f9e3e6e67df280bba8a0abbe6

Download Submit