6b1da5342a7f732cee6dbbe24e17854c6ce62aa780395ec818c89d97631e8075

Analysis

max time kernel
420s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

brrrrr.bat
Size

3KB
MD5

0b27a89c81df2bd7d49222d6fb86bdcf
SHA1

fcf787cd42021785896699323d3c9e86bc120ff0
SHA256

6b1da5342a7f732cee6dbbe24e17854c6ce62aa780395ec818c89d97631e8075
SHA512

70eb7433414df6f31976d391592cd3112bdb88af534ff8a87f5b750558b8e5faee9e5c4ecc75b1a624745690cfe34e96e465bbe477a4ff63d86a30a8dd3b7736

Score

9^/10

credential_access discovery spyware stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa	cmd.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa	cmd.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 24 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Process not Found

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14276	Process not Found
Token: SeChangeNotifyPrivilege	14276	Process not Found
Token: 33	14276	Process not Found
Token: SeIncBasePriorityPrivilege	14276	Process not Found
Token: SeCreateGlobalPrivilege	14836	Process not Found
Token: SeChangeNotifyPrivilege	14836	Process not Found
Token: 33	14836	Process not Found
Token: SeIncBasePriorityPrivilege	14836	Process not Found
Token: SeCreateGlobalPrivilege	16344	Process not Found
Token: SeChangeNotifyPrivilege	16344	Process not Found
Token: 33	16344	Process not Found
Token: SeIncBasePriorityPrivilege	16344	Process not Found
Token: SeCreateGlobalPrivilege	2376	Process not Found
Token: SeChangeNotifyPrivilege	2376	Process not Found
Token: 33	2376	Process not Found
Token: SeIncBasePriorityPrivilege	2376	Process not Found
Token: SeCreateGlobalPrivilege	2268	Process not Found
Token: SeChangeNotifyPrivilege	2268	Process not Found
Token: 33	2268	Process not Found
Token: SeIncBasePriorityPrivilege	2268	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 1108	4712	cmd.exe	85
PID 4712 wrote to memory of 1108	4712	cmd.exe	85
PID 4712 wrote to memory of 4788	4712	cmd.exe	86
PID 4712 wrote to memory of 4788	4712	cmd.exe	86
PID 1108 wrote to memory of 1284	1108	cmd.exe	87
PID 1108 wrote to memory of 1284	1108	cmd.exe	87
PID 1108 wrote to memory of 3604	1108	cmd.exe	88
PID 1108 wrote to memory of 3604	1108	cmd.exe	88
PID 4788 wrote to memory of 4236	4788	cmd.exe	89
PID 4788 wrote to memory of 4236	4788	cmd.exe	89
PID 1284 wrote to memory of 3008	1284	cmd.exe	90
PID 1284 wrote to memory of 3008	1284	cmd.exe	90
PID 1284 wrote to memory of 1152	1284	cmd.exe	91
PID 1284 wrote to memory of 1152	1284	cmd.exe	91
PID 4788 wrote to memory of 3924	4788	cmd.exe	92
PID 4788 wrote to memory of 3924	4788	cmd.exe	92
PID 3604 wrote to memory of 4504	3604	cmd.exe	93
PID 3604 wrote to memory of 4504	3604	cmd.exe	93
PID 3604 wrote to memory of 4976	3604	cmd.exe	94
PID 3604 wrote to memory of 4976	3604	cmd.exe	94
PID 3008 wrote to memory of 668	3008	cmd.exe	95
PID 3008 wrote to memory of 668	3008	cmd.exe	95
PID 3008 wrote to memory of 4460	3008	cmd.exe	96
PID 3008 wrote to memory of 4460	3008	cmd.exe	96
PID 4504 wrote to memory of 4732	4504	cmd.exe	97
PID 4504 wrote to memory of 4732	4504	cmd.exe	97
PID 4504 wrote to memory of 5092	4504	cmd.exe	98
PID 4504 wrote to memory of 5092	4504	cmd.exe	98
PID 4236 wrote to memory of 436	4236	cmd.exe	99
PID 4236 wrote to memory of 436	4236	cmd.exe	99
PID 4236 wrote to memory of 3916	4236	cmd.exe	100
PID 4236 wrote to memory of 3916	4236	cmd.exe	100
PID 4976 wrote to memory of 2724	4976	cmd.exe	101
PID 4976 wrote to memory of 2724	4976	cmd.exe	101
PID 1152 wrote to memory of 2224	1152	cmd.exe	102
PID 1152 wrote to memory of 2224	1152	cmd.exe	102
PID 1152 wrote to memory of 3092	1152	cmd.exe	103
PID 1152 wrote to memory of 3092	1152	cmd.exe	103
PID 4976 wrote to memory of 968	4976	cmd.exe	104
PID 4976 wrote to memory of 968	4976	cmd.exe	104
PID 4460 wrote to memory of 2168	4460	cmd.exe	105
PID 4460 wrote to memory of 2168	4460	cmd.exe	105
PID 4460 wrote to memory of 3324	4460	cmd.exe	106
PID 4460 wrote to memory of 3324	4460	cmd.exe	106
PID 668 wrote to memory of 2572	668	cmd.exe	107
PID 668 wrote to memory of 2572	668	cmd.exe	107
PID 668 wrote to memory of 5044	668	cmd.exe	108
PID 668 wrote to memory of 5044	668	cmd.exe	108
PID 2724 wrote to memory of 3176	2724	cmd.exe	110
PID 2724 wrote to memory of 3176	2724	cmd.exe	110
PID 2724 wrote to memory of 1804	2724	cmd.exe	111
PID 2724 wrote to memory of 1804	2724	cmd.exe	111
PID 5092 wrote to memory of 4540	5092	cmd.exe	109
PID 5092 wrote to memory of 4540	5092	cmd.exe	109
PID 3916 wrote to memory of 3404	3916	cmd.exe	112
PID 3916 wrote to memory of 3404	3916	cmd.exe	112
PID 3916 wrote to memory of 4148	3916	cmd.exe	113
PID 3916 wrote to memory of 4148	3916	cmd.exe	113
PID 5092 wrote to memory of 1872	5092	cmd.exe	114
PID 5092 wrote to memory of 1872	5092	cmd.exe	114
PID 436 wrote to memory of 1368	436	cmd.exe	115
PID 436 wrote to memory of 1368	436	cmd.exe	115
PID 436 wrote to memory of 4456	436	cmd.exe	116
PID 436 wrote to memory of 4456	436	cmd.exe	116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1284
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3008
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:668
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:2572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:2900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:2400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:16128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12544
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:5044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15364
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:2236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12212
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:16300
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:4328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14212
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:15920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:15280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:4332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14300
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11480
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11488
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4460
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:2168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:4904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:3872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:1340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:10388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:1548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:1064
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8300
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:6952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:15280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:6960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:15236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:9468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:13412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:4608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13052
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10052
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:16372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12192
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:3324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:4892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:1460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:1568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:5984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:10348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:14244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:14752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:10356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:15016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:6000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:6776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:8096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:13560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:13876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:8108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:13520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:13832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        15⤵
        
        PID:15480
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        15⤵
        
        PID:16364
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:6792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:10452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:14124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:14164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:10880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:12648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:5804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:6976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:16096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:16220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:6992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:14976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11324
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        13⤵
        
        PID:12900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:5816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:7904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:11276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:10276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:7920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        14⤵
        
        PID:15232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:1432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        Drops file in Program Files directory
        
        PID:8940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:8244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:9836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:1544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:1628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:8448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:1268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:15088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:5552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:6020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:6032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:15224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5700
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8012
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15312
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1152
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:2224
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:15404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:15008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11232
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:4744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11728
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9728
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15668
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        10⤵
        
        PID:12796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14728
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13308
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:3092
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:16284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13020
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:3112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12980
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15364
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        11⤵
        
        PID:16352
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        12⤵
        
        PID:16096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:16360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:16380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9064
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14364
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3604
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4504
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:4732
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:5112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6884
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13012
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5524
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14480
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:16072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12788
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        10⤵
        
        PID:14044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14912
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:16120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:16356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9588
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5092
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:4540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11988
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        9⤵
        
        PID:12428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10052
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:1028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11636
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        10⤵
        
        PID:15316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:16056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11948
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15380
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4976
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2724
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:3176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:10852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:11044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14396
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:4652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3064
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:16380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8980
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:16100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:12328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:14080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13884
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:5264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:16336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:15108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13364
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:16292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:7820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:6484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:11344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        13⤵
        
        PID:10236
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:2344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:1068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:4628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:3152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:16056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:16068
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        12⤵
        
        PID:12436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:8472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:13800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:7896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:15316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:12308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:12668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:4804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:9824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:6756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:3616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        12⤵
        
        PID:14256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:15320
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:968
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:3528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11364
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13608
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:2312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:16224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:13916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4236
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:436
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:1368
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:4468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:3468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8160
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:9152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:4192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:12528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:14768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11980
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:16060
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:4456
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:7020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:11920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:11964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:7028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15296
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13300
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:13956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:6008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:10484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:15592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:10500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:15264
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3916
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:3404
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:1852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:4516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:10580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:11764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:7652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:10556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:10220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        11⤵
        
        PID:11632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:9988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:8444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12244
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:3988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:5904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:9384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:1864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:8852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:6328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:12220
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:4148
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:4968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:6124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11212
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:14776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:15240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:7996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        10⤵
        
        PID:13816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:11452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:6132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:9004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14984
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:2928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8480
        
        C:\Windows\system32\reg.exe
        
        reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :you are so dump
        8⤵
        
        PID:11968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:5336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        9⤵
        
        PID:14792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
    3⤵
    PID:3924
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      PID:3824
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:6188
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:10768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:10904
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:10788
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:6204
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:7512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:14204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:14704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:12672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:14992
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        6⤵
        
        PID:7520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:13028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:12720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        7⤵
        
        PID:13616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:8924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        8⤵
        
        PID:14220
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
      4⤵
      PID:3832
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\AppData\Local\Temp\brrrrr.bat"
        5⤵
        
        PID:16288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\windowswimn32.batreg

Filesize
326B

MD5
e0d7a9d47b5d18137f076d11a1f469a7

SHA1
3de6117f9b371463a01e72dd4fa6c6afdd235557

SHA256
853e383bdc30e969bf06ee6e69ae05d519d4b382d590fb2fe2698c6291a91f74

SHA512
1a3bd85d6e9383b1e354dc4b364ebd3d305248d0d33ecc7cb6f4d50823197a2636b18d4134a5f04ff14e6fdbff3702be373b396644b0f8a8028057750b537f59

Download Submit
memory/1108-144-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/1176-174-0x00007FF907310000-0x00007FF907505000-memory.dmp

Filesize
2.0MB

Download
memory/1820-226-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/2368-205-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/2908-259-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/3772-246-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/9468-33-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/9824-157-0x00007FF907310000-0x00007FF907505000-memory.dmp

Filesize
2.0MB

Download
memory/9824-156-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/9988-216-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/10216-77-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/10224-178-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/10588-183-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/10924-84-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/10932-249-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/11000-81-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/11664-37-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/11760-56-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/11832-218-0x00007FF907310000-0x00007FF907505000-memory.dmp

Filesize
2.0MB

Download
memory/11848-126-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/11880-27-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/11968-31-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/12140-171-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/12184-55-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/12240-247-0x00007FF906510000-0x00007FF906865000-memory.dmp

Filesize
3.3MB

Download
memory/12428-29-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/12688-115-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/12988-28-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/13012-38-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/13196-243-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/13208-210-0x00007FF907310000-0x00007FF907505000-memory.dmp

Filesize
2.0MB

Download
memory/13400-230-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/13404-8-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/13580-189-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/13768-172-0x00007FF906870000-0x00007FF90690B000-memory.dmp

Filesize
620KB

Download
memory/13772-60-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/13860-104-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/14388-85-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/14568-155-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/14740-184-0x00007FF907310000-0x00007FF907505000-memory.dmp

Filesize
2.0MB

Download
memory/14772-207-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/14960-14-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/15024-7-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/15088-240-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/15228-61-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/15416-40-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/15560-72-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/15600-142-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/15652-113-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download
memory/15664-185-0x00007FF907310000-0x00007FF907505000-memory.dmp

Filesize
2.0MB

Download
memory/15852-79-0x00007FF615CD0000-0x00007FF615D27000-memory.dmp

Filesize
348KB

Download
memory/15964-191-0x00007FF9061B0000-0x00007FF90624E000-memory.dmp

Filesize
632KB

Download
memory/16060-108-0x00007FF906450000-0x00007FF90650E000-memory.dmp

Filesize
760KB

Download
memory/16380-11-0x00007FF725300000-0x00007FF725367000-memory.dmp

Filesize
412KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads