6b1da5342a7f732cee6dbbe24e17854c6ce62aa780395ec818c89d97631e8075

Analysis

max time kernel
599s
max time network
435s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

brrrrr.bat
Size

3KB
MD5

0b27a89c81df2bd7d49222d6fb86bdcf
SHA1

fcf787cd42021785896699323d3c9e86bc120ff0
SHA256

6b1da5342a7f732cee6dbbe24e17854c6ce62aa780395ec818c89d97631e8075
SHA512

70eb7433414df6f31976d391592cd3112bdb88af534ff8a87f5b750558b8e5faee9e5c4ecc75b1a624745690cfe34e96e465bbe477a4ff63d86a30a8dd3b7736

Score

10^/10

credential_access discovery spyware stealer

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 16028 created 15528	16028	Process not Found	2085

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\WERFA9D.tmp.WERDataCollectionStatus.txt	Process not Found

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa	cmd.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa	cmd.exe

Drops file in Windows directory 51 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Process not Found

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
14764	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	10844	Process not Found
Token: SeChangeNotifyPrivilege	10844	Process not Found
Token: 33	10844	Process not Found
Token: SeIncBasePriorityPrivilege	10844	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 708 wrote to memory of 4592	708	cmd.exe	84
PID 708 wrote to memory of 4592	708	cmd.exe	84
PID 708 wrote to memory of 4868	708	cmd.exe	85
PID 708 wrote to memory of 4868	708	cmd.exe	85
PID 4592 wrote to memory of 4224	4592	cmd.exe	86
PID 4592 wrote to memory of 4224	4592	cmd.exe	86
PID 4592 wrote to memory of 3672	4592	cmd.exe	87
PID 4592 wrote to memory of 3672	4592	cmd.exe	87
PID 3672 wrote to memory of 5088	3672	cmd.exe	88
PID 3672 wrote to memory of 5088	3672	cmd.exe	88
PID 3672 wrote to memory of 3468	3672	cmd.exe	89
PID 3672 wrote to memory of 3468	3672	cmd.exe	89
PID 4224 wrote to memory of 3084	4224	cmd.exe	90
PID 4224 wrote to memory of 3084	4224	cmd.exe	90
PID 4224 wrote to memory of 3456	4224	cmd.exe	91
PID 4224 wrote to memory of 3456	4224	cmd.exe	91
PID 4868 wrote to memory of 624	4868	cmd.exe	92
PID 4868 wrote to memory of 624	4868	cmd.exe	92
PID 4868 wrote to memory of 4796	4868	cmd.exe	93
PID 4868 wrote to memory of 4796	4868	cmd.exe	93
PID 3456 wrote to memory of 2640	3456	cmd.exe	94
PID 3456 wrote to memory of 2640	3456	cmd.exe	94
PID 3456 wrote to memory of 4132	3456	cmd.exe	95
PID 3456 wrote to memory of 4132	3456	cmd.exe	95
PID 5088 wrote to memory of 5108	5088	cmd.exe	96
PID 5088 wrote to memory of 5108	5088	cmd.exe	96
PID 5088 wrote to memory of 2404	5088	cmd.exe	98
PID 5088 wrote to memory of 2404	5088	cmd.exe	98
PID 3084 wrote to memory of 3472	3084	cmd.exe	97
PID 3084 wrote to memory of 3472	3084	cmd.exe	97
PID 2640 wrote to memory of 4844	2640	cmd.exe	99
PID 2640 wrote to memory of 4844	2640	cmd.exe	99
PID 2640 wrote to memory of 4016	2640	cmd.exe	100
PID 2640 wrote to memory of 4016	2640	cmd.exe	100
PID 3468 wrote to memory of 4068	3468	cmd.exe	101
PID 3468 wrote to memory of 4068	3468	cmd.exe	101
PID 3084 wrote to memory of 1928	3084	cmd.exe	102
PID 3084 wrote to memory of 1928	3084	cmd.exe	102
PID 3468 wrote to memory of 1200	3468	cmd.exe	103
PID 3468 wrote to memory of 1200	3468	cmd.exe	103
PID 2404 wrote to memory of 2332	2404	cmd.exe	104
PID 2404 wrote to memory of 2332	2404	cmd.exe	104
PID 2404 wrote to memory of 680	2404	cmd.exe	105
PID 2404 wrote to memory of 680	2404	cmd.exe	105
PID 624 wrote to memory of 3660	624	cmd.exe	106
PID 624 wrote to memory of 3660	624	cmd.exe	106
PID 624 wrote to memory of 4312	624	cmd.exe	107
PID 624 wrote to memory of 4312	624	cmd.exe	107
PID 4016 wrote to memory of 2656	4016	cmd.exe	108
PID 4016 wrote to memory of 2656	4016	cmd.exe	108
PID 5108 wrote to memory of 2744	5108	cmd.exe	109
PID 5108 wrote to memory of 2744	5108	cmd.exe	109
PID 4016 wrote to memory of 2444	4016	cmd.exe	110
PID 4016 wrote to memory of 2444	4016	cmd.exe	110
PID 5108 wrote to memory of 3076	5108	cmd.exe	111
PID 5108 wrote to memory of 3076	5108	cmd.exe	111
PID 4132 wrote to memory of 1416	4132	cmd.exe	112
PID 4132 wrote to memory of 1416	4132	cmd.exe	112
PID 4132 wrote to memory of 4372	4132	cmd.exe	113
PID 4132 wrote to memory of 4372	4132	cmd.exe	113
PID 4068 wrote to memory of 3040	4068	cmd.exe	114
PID 4068 wrote to memory of 3040	4068	cmd.exe	114
PID 4068 wrote to memory of 1452	4068	cmd.exe	115
PID 4068 wrote to memory of 1452	4068	cmd.exe	115

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4224
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3084
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:3472
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:3296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:880
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        9⤵
        
        PID:15772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:16348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14524
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8492
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:3308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:10040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:2092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8052
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8064
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12272
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        10⤵
        
        PID:15712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:4444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12524
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        Drops file in Windows directory
        
        PID:11296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12500
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:1928
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:3892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:4624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9192
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1728
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10212
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11976
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        10⤵
        
        PID:15756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13500
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3456
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2640
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:4844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2212
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6064
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:1808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:2108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:4456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:4988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:2476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15152
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:2500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:15480
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:2396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:15392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:10288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:4904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12264
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        11⤵
        
        PID:16224
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        12⤵
        
        PID:15584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        Drops file in Windows directory
        
        PID:12296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:2540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13064
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:7012
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:2916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:1628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:2308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:15748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        Drops file in Program Files directory
        Drops file in Windows directory
        
        PID:13996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:15136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:6756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:6764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:10972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:1932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        Drops file in Windows directory
        
        PID:14304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:6700
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        Drops file in Windows directory
        
        PID:9836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:10312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:6712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:14136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:13520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:9940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13988
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4132
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:64
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3012
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:3560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12324
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:4372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14212
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:3872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:2864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:9360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:10748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:4028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3672
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5088
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5108
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:2744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:16356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:16364
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:4572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13728
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14552
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:3076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:1004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15064
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14968
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2404
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:2332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:9720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:1036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5728
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12668
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        11⤵
        
        PID:14460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12300
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        Drops file in Windows directory
        
        PID:12356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:13528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12628
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:2896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:2824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6012
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        Drops file in Windows directory
        
        PID:12260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:2304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13096
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        11⤵
        
        PID:15556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:4996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:2080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12240
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        12⤵
        
        PID:15696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:6580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:7700
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:8916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:9148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:7792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:6804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:14444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:14788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        Drops file in Windows directory
        
        PID:11904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:13696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:13704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14792
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3468
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4068
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:3040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:9860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11812
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        11⤵
        
        PID:13544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        Drops file in Windows directory
        
        PID:12368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12128
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        11⤵
        
        PID:16324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        Drops file in Windows directory
        
        PID:6932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10300
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12636
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        11⤵
        
        PID:14352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14780
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:11652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15364
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:10432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:1248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10796
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:1200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:15072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:4600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13524
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12344
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        9⤵
        
        PID:15764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:16184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:16192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15728
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        Drops file in Windows directory
        
        PID:10740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11052
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:4988
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:4684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:4864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12064
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        9⤵
        
        PID:14540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:14144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:4944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:624
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      PID:3660
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:804
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10052
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11728
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        Drops file in Windows directory
        
        PID:13956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15300
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15328
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:2984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14980
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:15208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13384
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:4112
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:2160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:2268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        Drops file in Windows directory
        
        PID:9328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14524
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:16376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:3772
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:2192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13388
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        10⤵
        
        PID:15708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11964
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        9⤵
        
        PID:16216
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        10⤵
        
        PID:13836
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      PID:4312
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:2924
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:6428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        Drops file in Windows directory
        
        PID:8724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:6440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:15352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9628
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:2320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:7360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:7656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:10440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:10804
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:2204
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:4512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        Drops file in Windows directory
        
        PID:14096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10280
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1212
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        Drops file in Windows directory
        
        PID:14568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9212
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14872
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        9⤵
        
        PID:4824
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        10⤵
        
        PID:15680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
    3⤵
    PID:4796
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      PID:8372
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:11712
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:13104
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:13412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:13184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:13272
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        Drops file in Windows directory
        
        PID:11760
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:15852
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      PID:8380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\windowswimn32.batreg

Filesize
326B

MD5
e0d7a9d47b5d18137f076d11a1f469a7

SHA1
3de6117f9b371463a01e72dd4fa6c6afdd235557

SHA256
853e383bdc30e969bf06ee6e69ae05d519d4b382d590fb2fe2698c6291a91f74

SHA512
1a3bd85d6e9383b1e354dc4b364ebd3d305248d0d33ecc7cb6f4d50823197a2636b18d4134a5f04ff14e6fdbff3702be373b396644b0f8a8028057750b537f59

Download Submit
memory/1120-186-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/1244-131-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/4464-187-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/6236-145-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/8380-70-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/8916-80-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/9268-16-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/9324-55-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/9340-48-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/9424-172-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/9716-81-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/9940-13-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/9940-185-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/10028-52-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/10212-30-0x00007FFAC2FD0000-0x00007FFAC31C5000-memory.dmp

Filesize
2.0MB

Download
memory/10220-29-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/10228-58-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/10472-109-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/10544-157-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/11152-146-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/11232-132-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/11352-174-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/11576-119-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/11580-57-0x00007FFAC2FD0000-0x00007FFAC31C5000-memory.dmp

Filesize
2.0MB

Download
memory/11648-38-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/11756-200-0x00007FFAC2FD0000-0x00007FFAC31C5000-memory.dmp

Filesize
2.0MB

Download
memory/11968-194-0x00007FFAC2FD0000-0x00007FFAC31C5000-memory.dmp

Filesize
2.0MB

Download
memory/12292-99-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/12344-2-0x00007FFAC2FD0000-0x00007FFAC31C5000-memory.dmp

Filesize
2.0MB

Download
memory/12400-1-0x00007FFAC2FD0000-0x00007FFAC31C5000-memory.dmp

Filesize
2.0MB

Download
memory/13044-206-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/13156-205-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/13264-59-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/13308-67-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/13500-90-0x00007FFAC2FD0000-0x00007FFAC31C5000-memory.dmp

Filesize
2.0MB

Download
memory/13564-83-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/13752-77-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/14032-116-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/14032-133-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/14220-121-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/14292-134-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/14524-9-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/14536-10-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/14868-75-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/14888-68-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/14904-87-0x00007FFAC2FD0000-0x00007FFAC31C5000-memory.dmp

Filesize
2.0MB

Download
memory/14904-84-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/15012-82-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/15040-61-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/15124-85-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/15160-49-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/15160-170-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/15392-39-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/15400-107-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/15412-31-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/15556-60-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/15820-105-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/15888-28-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/15988-26-0x00007FFAC2FD0000-0x00007FFAC31C5000-memory.dmp

Filesize
2.0MB

Download
memory/15988-25-0x00007FF7D75E0000-0x00007FF7D7647000-memory.dmp

Filesize
412KB

Download
memory/16000-104-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/16052-65-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/16104-27-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download
memory/16148-98-0x00007FF6C5D70000-0x00007FF6C5DC7000-memory.dmp

Filesize
348KB

Download